Efficient Three-Party Authentication and Key Agreement Protocols Resistant to Password Guessing Attacks
Authors
Abstract
Three-party EKE was proposed to establish a session key between two clients through a server. However, three-party EKE is insecure against undetectable on-line and off-line password guessing attacks. In this paper, we first propose an enhanced three-party EKE to withstand the security risk in three-party EKE. We also propose a verifier-based three-party EKE that is more secure than a plaintext-equivalent mechanism in which a compromise of the server’s database will not result in success in directly impersonating clients.
Similar resources
Attack on the Sun-Chen-Hwang's Three-Party Key Agreement Protocols Using Passwords
The possibility of secure password-authenticated key exchange was recognized in the work of Bellovin and Merritt [1], which shows how to bootstrap a high-entropy cryptographic key from a weak, low-entropy password. Due in large part to the practical significance of password-based authentication, this initial work has been extended to a number of settings, including a three-party model where an ...
Three-Party Password-Based Authenticated Key Establishment Protocol Resisting Detectable On-Line Attacks
Three-party password-based authenticated key establishment (three-party PAKE) protocols, which enable two clients to authenticate each other and build a session key with the help of an on-line server, have received much attention in recent years. Until now, designing a secure three-party PAKE protocol resisting detectable on-line password guessing attacks is still a challenging problem. To prev...
Formal analysis of Jan–Chen, Yang–Shen–Shieh, Kim–Huh–Hwang–Lee, Lin–Sun–Hwang, and Yeh–Sun protocols
Despite the importance of proofs in assuring protocol implementers about the security properties of key establishment protocols, many protocol designers fail to provide any proof of security. Flaws detected long after the publication and/or implementation of protocols will erode the credibility of key establishment protocols. We revisit recent work of Choo, Boyd, Hitchcock, Maitland where they ...
Impersonating the Server on Simple three Party Key Exchange Protocol
The Password-authenticated key exchange (PAKE) protocols allow parties to share secret keys in an authentic manner based on an easily memorizable password. On the other hand, the protocol should resist all types of password guessing attacks, since the password is of low entropy. Recently Lu Cao proposed a simple three-party password based authenticated key exchange (S-3 PAKE) protocol and claim...
Security Analysis and Enhancements of Verifier-Based Password-Authenticated Key Exchange Protocols in the Three-Party Setting
This paper investigates verifier-based password authenticated key exchange (PAKE) protocols in the three party setting. We first show that the protocol recently proposed by Li et al. is vulnerable to off-line dictionary attack and unknown key-share attack. Moreover, we also show that the direct elliptic curve (EC) analog of the DL based protocol proposed by Kwon et al. can’t resist the off-line...
Journal title:
- J. Inf. Sci. Eng.
Volume 19, Issue
Pages -
Publication date: 2003