Cryptanalysis of simple three-party key exchange protocol

Cited by: 58
Authors
Guo, Hua [1]
Li, Zhoujun [1]
Mu, Yi [2]
Zhang, Xiyong [3]
Affiliations
[1] Beihang Univ, Sch Engn & Comp Sci, Beijing 100083, Peoples R China
[2] Univ Wollongong, Sch Comp Sci Software Engn, Ctr Comp & Informat Secur Res, Wollongong, NSW 2522, Australia
[3] Informat Engn Univ, Dept Appl Math, Zhengzhou 450002, Peoples R China
Keywords
password-authenticated key exchange; cryptanalysis; security; dictionary attack; man-in-the-middle attack
DOI
10.1016/j.cose.2008.03.001
Chinese Library Classification number
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
Recently, Lu and Cao published a novel protocol for password-based authenticated key exchange (PAKE) in a three-party setting in the journal Computers and Security, where two clients, each sharing a human-memorable password with a trusted server, can construct a secure session key. They argued that their simple three-party PAKE (3-PAKE) protocol can resist various known attacks. In this paper, we show that this protocol is vulnerable to a kind of man-in-the-middle attack that exploits an authentication flaw in their protocol and is subject to the undetectable on-line dictionary attack. We also conduct a detailed analysis of the flaws in the protocol and provide an improved protocol. © 2008 Elsevier Ltd. All rights reserved.
Pages: 16 - 21
Number of pages: 6
Related papers
50 in total
  • [1] Cryptanalysis of a Simple Three-party Key Exchange Protocol
    He, Debiao
    Chen, Jianhua
    Hu, Jin
    INFORMATICA-JOURNAL OF COMPUTING AND INFORMATICS, 2010, 34 (03) : 337 - 339
  • [2] Cryptanalysis of a simple three-party key exchange protocol
    Debiao, He
    Jianhua, Chen
    Jin, Hu
    Informatica (Ljubljana), 2010, 34 (03) : 337 - 339
  • [3] Cryptanalysis of an Enhanced Simple Three-Party Key Exchange Protocol
    Kim, Hae-Jung
    Yoon, Eun-Jun
    SECURITY TECHNOLOGY, 2011, 259 : 167 - +
  • [4] Cryptanalysis of a simple three-party password-based key exchange protocol
    Yoon, Eun-Jun
    Yoo, Kee-Young
    INTERNATIONAL JOURNAL OF COMMUNICATION SYSTEMS, 2011, 24 (04) : 532 - 542
  • [5] Simple three-party key exchange protocol
    Lu, Rongxing
    Cao, Zhenfu
    COMPUTERS & SECURITY, 2007, 26 (01) : 94 - 97
  • [6] Cryptanalysis of simple three-party key exchange protocol (S-3PAKE)
    Phan, Raphael C. -W.
    Yau, Wei-Chuen
    Goi, Bok-Min
    INFORMATION SCIENCES, 2008, 178 (13) : 2849 - 2856
  • [7] Three weaknesses in a simple three-party key exchange protocol
    Chung, Hao-Rung
    Ku, Wei-Chi
    INFORMATION SCIENCES, 2008, 178 (01) : 220 - 229
  • [8] Simple three-party password authenticated key exchange protocol
    Lo N.-W.
    Yeh K.-H.
    Journal of Shanghai Jiaotong University (Science), 2011, 16 (5) : 600 - 603
  • [9] Simple Three-Party Password Authenticated Key Exchange Protocol
    罗乃维
    叶国晖
    Journal of Shanghai Jiaotong University (Science), 2011, 16 (05) : 600 - 603
  • [10] Cryptanalysis and Enhancements of Three-Party Authenticated Key Exchange Protocol using ECC
    Wu, Shuhua
    Zhu, Yuefei
    Pu, Qiong
    JOURNAL OF INFORMATION SCIENCE AND ENGINEERING, 2011, 27 (04) : 1329 - 1343