On the Security Analysis of Lee, Hwang & Lee (2004) and Song & Kim (2000) Key Exchange / Agreement Protocols
Volume 17, Issue 4 (2006), pp. 467–480
Pub. online: 1 January 2006
Type: Research Article
The views and opinions expressed in this paper do not necessarily reflect those of the Commonwealth Government, the Minister for Justice and Customs, or the Australian Institute of Criminology. Research was performed while the author was with the Information Security Institute / Queensland University of Technology.
Received: 1 May 2005
Published: 1 January 2006
Abstract
We revisit the password-based group key exchange protocol due to Lee et al. (2004), which carries a claimed proof of security in the Bresson et al. model under the intractability of the Decisional Diffie–Hellman (DDH) and Computational Diffie–Hellman (CDH) problems. We reveal a previously unpublished flaw in the protocol and its proof, and demonstrate that the protocol violates the definition of security in the model. To provide better insight into the protocol and proof failures, we present a fixed protocol. We hope our analysis will enable similar mistakes to be avoided in the future. We also revisit protocol 4 of Song and Kim (2000), and reveal a previously unpublished flaw in the protocol (i.e., a reflection attack).