Cryptanalysis of simple three-party key exchange protocol

被引：58

作者：

Guo, Hua ^{[1
]}

Li, Zhoujun ^{[1
]}

Mu, Yi ^{[2
]}

Zhang, Xiyong ^{[3
]}

机构：

[1] Beihang Univ, Sch Engn & Comp Sci, Beijing 100083, Peoples R China

[2] Univ Wollongong, Sch Comp Sci Software Engn, Ctr Comp & Informat Secur Res, Wollongong, NSW 2522, Australia

[3] Informat Engn Univ, Dept Appl Math, Zhengzhou 450002, Peoples R China

来源：

COMPUTERS & SECURITY | 2008年 / 27卷 / 1-2期

关键词：

password-authenticated key exchange; cryptanalysis; security; dictionary attack; man-in-the-middle attack;

D O I：

10.1016/j.cose.2008.03.001

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

Recently, Lu and Cao published a novel protocol for password-based authenticated key exchanges (PAKE) in a three-party setting in journal of Computers and Security, where two clients, each shares a human-memorable password with a trusted server, can construct a secure session key. They argued that their simple three-party PAKE (3-PAKE) protocol can resist against various known attacks. In this paper, we show that this protocol is vulnerable to a kind of man-in-the-middle attack that exploits an authentication flaw in their protocol and is subject to the undetectable on-line dictionary attack. We also conduct a detailed analysis on the flaws in the protocol and provide an improved protocol. (c) 2008 Elsevier Ltd. All rights reserved.

引用

页码：16 / 21

页数：6

共 50 条

[21] Enhanced password-based simple three-party key exchange protocol
Kim, Hyun-Seok
Choi, Jin-Young
COMPUTERS & ELECTRICAL ENGINEERING, 2009, 35 (01) : 107 - 114
[22] A PRACTICAL THREE-PARTY AUTHENTICATED KEY EXCHANGE PROTOCOL
Lo, Nai Wei
Yeh, Kuo-Hui
INTERNATIONAL JOURNAL OF INNOVATIVE COMPUTING INFORMATION AND CONTROL, 2010, 6 (06): : 2469 - 2483
[23] A novel three-party encrypted key exchange protocol
Chang, CC
Chang, YF
COMPUTER STANDARDS & INTERFACES, 2004, 26 (05) : 471 - 476
[24] A Security Patch for a Three-Party Key Exchange Protocol
ZHAO Jianjie1
2.Department of Computer Science and Engineering
Wuhan University Journal of Natural Sciences, 2010, 15 (03) : 242 - 246
[25] Cryptanalysis and enhancement of a chaotic maps-based three-party password authenticated key exchange protocol
Hu, Xuexian
Zhang, Zhenfeng
NONLINEAR DYNAMICS, 2014, 78 (02) : 1293 - 1300
[26] Cryptanalysis of a three-party password- based authenticated key exchange protocol using Weil pairing
He, Debiao
Chen, Jianhua
INTERNATIONAL JOURNAL OF ELECTRONIC SECURITY AND DIGITAL FORENSICS, 2012, 4 (04) : 244 - 251
[27] Cryptanalysis and enhancement of a chaotic maps-based three-party password authenticated key exchange protocol
Xuexian Hu
Zhenfeng Zhang
Nonlinear Dynamics, 2014, 78 : 1293 - 1300
[28] An Off-Line Dictionary Attack on a Simple Three-Party Key Exchange Protocol
Nam, Junghyun
Paik, Juryon
Kang, Hyun-Kyu
Kim, Ung Mo
Won, Dongho
IEEE COMMUNICATIONS LETTERS, 2009, 13 (03) : 205 - 207
[29] Simple three-party password-based key exchange protocol with provable security
1600, Acta Press (35):
[30] A Note on An Enhanced Three-Party Authentication Key Exchange Protocol
Tan, Zuowen
ADVANCED MEASUREMENT AND TEST, PARTS 1 AND 2, 2010, 439-440 : 1367 - 1372

← 1 2 3 4 5 →