Improving Security of A Communication-efficient Three-party Password Authentication Key Exchange Protocol
نویسندگان
چکیده
Three-party Password-based Authentication Key Exchange (3PAKE) allows a trusted server to assist two users to establish a common session key. Recently, Wu et al. pointed out that Chang et al.’s 3PAKE was vulnerable to the off-line guessing attack and proposed an improved 3PAKE to fix the problem. However, we found that Wu et al.’s protocol is still subject to the off-line guessing attack. In addition, the paper offers a simple method to detect the attack.
منابع مشابه
Two-Round Password-Only Authenticated Key Exchange in the Three-Party Setting
We present the first provably-secure three-party password-only authenticated key exchange (PAKE) protocol that can run in only two communication rounds. Our protocol is generic in the sense that it can be constructed from any two-party PAKE protocol. The protocol is proven secure in a variant of the widely-accepted model of Bellare, Pointcheval and Rogaway (2000) without any idealized assumptio...
متن کاملAn Efficient Password Security of Multi-Party Key Exchange Protocol based on ECDLP
In this paper we have proposed an efficient password security of multiparty Key Exchange Protocol based on Elliptic Curve Discrete Logarithm Problem. Key exchange protocols allow a group of parties communicating over a public network to establish a common secret key called session key. Due to their significance by in building a secure communication channel, a number of key exchange protocols ha...
متن کاملAn Efficient Password-Only Authenticated Three-Party Key Exchange Protocol
Password-only authenticated key exchange (PAKE) protocols allow to generate cryptographically strong keys from humanmemorable passwords. The design of an efficient PAKE protocol is difficult, especially in the three-party setting where dictionary attacks by malicious insiders are a major concern. The difficulty is well illustrated by the fact that after twenty years of research, only a handful ...
متن کاملEnhancements of a three-party password-based authenticated key exchange protocol
This paper discusses the security for a simple and efficient three-party password-based authenticated key exchange protocol proposed by Huang most recently. Our analysis shows her protocol is still vulnerable to three kinds of attacks: 1). undetectable on-line dictionary attacks, 2). key-compromise impersonation attack. Thereafter we propose an enhanced protocol that can defeat the attacks desc...
متن کاملA Computation-Efficient Three-Party Encrypted Key Exchange Protocol
Recently, Chen et al. proposed a three-party encrypted key exchange (3PEKE) protocol with password authentication which is called CCLC-3PEKE. The protocol simultaneously possesses round and computation efficiencies. However, the protocol is vulnerable to replaying attacks. Since the protocol is currently one of the most superior of all 3PEKE protocols, it seems valuable to remedy the security w...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- I. J. Network Security
دوره 17 شماره
صفحات -
تاریخ انتشار 2015