Augmented encrypted key exchange using RSA encryption

Abstract

The augmented encrypted key exchange (A-EKE) uses a shared secret key for encryption. The A-EKE uses the hash of sender's password as the shared secret key. By using Simmon's attack the sender's password can be broken. If this is accomplished, the attacker is able to know the communicating parties session key used after authentication as well as in the authentication of the sender. Furthermore, using the broken session key and the password, the attacker can impersonate the real sender. To prevent this from happening, we propose a method to keep the session key and sender's password secret even if the attacker can break the shared secret key. This is accomplished by using RSA encryption. In our proposed scheme we use public keys which will be kept by the communicating parties and will be exchanged indirectly, i.e. instead of sending the whole public key the two parties will send the number which determines their public key, along with the shared key.