On the security of a password-only authenticated three-party key exchange protocol
نویسندگان
چکیده
This note reports major previously unpublished security vulnerabilities in the password-only authenticated three-party key exchange protocol due to Lee and Hwang (Information Sciences, 180, 1702–1714, 2010): (1) the Lee-Hwang protocol is susceptible to a man-in-the-middle attack and thus fails to achieve implicit key authentication; (2) the protocol cannot protect clients’ passwords against an offline dictionary attack; and (3) the indistinguishability-based security of the protocol can be easily broken even in the presence of a passive adversary.
منابع مشابه
Two-Round Password-Only Authenticated Key Exchange in the Three-Party Setting
We present the first provably-secure three-party password-only authenticated key exchange (PAKE) protocol that can run in only two communication rounds. Our protocol is generic in the sense that it can be constructed from any two-party PAKE protocol. The protocol is proven secure in a variant of the widely-accepted model of Bellare, Pointcheval and Rogaway (2000) without any idealized assumptio...
متن کاملPassword-Based Authenticated Key Exchange in the Three-Party Setting
Password-based authenticated key exchange are protocols which are designed to be secure even when the secret key or password shared between two users is drawn from a small set of values. Due to the low entropy of passwords, such protocols are always subject to online guessing attacks. In these attacks, the adversary may succeed with non-negligible probability by guessing the password shared bet...
متن کاملA New Ring-Based SPHF and PAKE Protocol On Ideal Lattices
emph{ Smooth Projective Hash Functions } ( SPHFs ) as a specific pattern of zero knowledge proof system are fundamental tools to build many efficient cryptographic schemes and protocols. As an application of SPHFs, emph { Password - Based Authenticated Key Exchange } ( PAKE ) protocol is well-studied area in the last few years. In 2009, Katz and Vaikuntanathan described the first lattice-based ...
متن کاملAn Efficient Password-Only Authenticated Three-Party Key Exchange Protocol
Password-only authenticated key exchange (PAKE) protocols allow to generate cryptographically strong keys from humanmemorable passwords. The design of an efficient PAKE protocol is difficult, especially in the three-party setting where dictionary attacks by malicious insiders are a major concern. The difficulty is well illustrated by the fact that after twenty years of research, only a handful ...
متن کاملEnhancements of a three-party password-based authenticated key exchange protocol
This paper discusses the security for a simple and efficient three-party password-based authenticated key exchange protocol proposed by Huang most recently. Our analysis shows her protocol is still vulnerable to three kinds of attacks: 1). undetectable on-line dictionary attacks, 2). key-compromise impersonation attack. Thereafter we propose an enhanced protocol that can defeat the attacks desc...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2013 شماره
صفحات -
تاریخ انتشار 2013