Dragonfly is Password Authenticated Key Exchange protocol that uses a shared session key to authenticate\nparties based on pre-shared secret password. It was claimed that this protocol was secure\nagainst off-line dictionary attack, but a new research has proved its vulnerability to off-line\ndictionary attack and proving step was applied by using ââ?¬Å?Patched Protocolââ?¬Â which was based on\npublic key validation. Unfortunately, this step caused a raise in the computation cost, which made\nthis protocol less appealing than its competitors. We proposed an alternate enhancement to keep\nthis protocol secure without any extra computation cost that was known as ââ?¬Å?Enhanced Dragonflyââ?¬Â.\nThis solution based on two-pre-shared secret passwords instead of one and the rounds between\nparties had compressed into two rounds instead of four. We prove that the enhanced-Dragonfly\nprotocol is secure against off-line dictionary attacks by analyzing its security properties using the\nScyther tool. A simulation was developed to measure the execution time of the enhanced protocol,\nwhich was found to be much less than the execution time of patched Dragonfly. The off-line dictionary\nattack time is consumed for few days if the dictionary size is 10,000. According to this, the\nuse of the enhanced Dragonfly is more efficient than the patched Dragonfly.
Loading....