Cryptanalysis of simple three-party key exchange protocol

被引:58
|
作者
Guo, Hua [1 ]
Li, Zhoujun [1 ]
Mu, Yi [2 ]
Zhang, Xiyong [3 ]
机构
[1] Beihang Univ, Sch Engn & Comp Sci, Beijing 100083, Peoples R China
[2] Univ Wollongong, Sch Comp Sci Software Engn, Ctr Comp & Informat Secur Res, Wollongong, NSW 2522, Australia
[3] Informat Engn Univ, Dept Appl Math, Zhengzhou 450002, Peoples R China
来源
COMPUTERS & SECURITY | 2008年 / 27卷 / 1-2期
关键词
password-authenticated key exchange; cryptanalysis; security; dictionary attack; man-in-the-middle attack;
D O I
10.1016/j.cose.2008.03.001
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
Recently, Lu and Cao published a novel protocol for password-based authenticated key exchanges (PAKE) in a three-party setting in journal of Computers and Security, where two clients, each shares a human-memorable password with a trusted server, can construct a secure session key. They argued that their simple three-party PAKE (3-PAKE) protocol can resist against various known attacks. In this paper, we show that this protocol is vulnerable to a kind of man-in-the-middle attack that exploits an authentication flaw in their protocol and is subject to the undetectable on-line dictionary attack. We also conduct a detailed analysis on the flaws in the protocol and provide an improved protocol. (c) 2008 Elsevier Ltd. All rights reserved.
引用
收藏
页码:16 / 21
页数:6
相关论文
共 50 条
  • [31] Improving the novel three-party encrypted key exchange protocol
    Yoon, Eun-Jun
    Yoo, Kee-Young
    COMPUTER STANDARDS & INTERFACES, 2008, 30 (05) : 309 - 314
  • [32] Cryptanalysis of an efficient three-party password-based key exchange scheme
    Simplicio, Marcos A., Jr.
    Sakuragui, Rony R. M.
    INTERNATIONAL JOURNAL OF COMMUNICATION SYSTEMS, 2012, 25 (11) : 1443 - 1449
  • [33] Cryptanalysis of an efficient three-party password-based key exchange scheme
    Yoon, Eun-Jun
    Yoo, Kee-Young
    2012 INTERNATIONAL WORKSHOP ON INFORMATION AND ELECTRONICS ENGINEERING, 2012, 29 : 3972 - 3979
  • [34] Cryptanalysis on a Three Party Key Exchange Protocol-STPKE'
    Tallapally, Shirisha
    Padmavathy, R.
    JOURNAL OF INFORMATION PROCESSING SYSTEMS, 2010, 6 (01): : 43 - 52
  • [35] A new secure three-party authenticated key exchange protocol
    Xi'an Communications Institute, Xi'an 710106, Shannxi, China
    Int. Rev. Comput. Softw., 7 (3633-3638):
  • [36] A practical three-party key exchange protocol with round efficiency
    Chang, Ya-Fen
    INTERNATIONAL JOURNAL OF INNOVATIVE COMPUTING INFORMATION AND CONTROL, 2008, 4 (04): : 953 - 960
  • [37] On the Security of a Simple Three-Party Key Exchange Protocol without Server's Public Keys
    Nam, Junghyun
    Choo, Kim-Kwang Raymond
    Park, Minkyu
    Paik, Juryon
    Won, Dongho
    SCIENTIFIC WORLD JOURNAL, 2014,
  • [38] Cryptanalysis and improvement of a three-party key agreement protocol using enhanced Chebyshev polynomials
    Zhao, Fengjun
    Gong, Peng
    Li, Shuai
    Li, Mingguan
    Li, Ping
    NONLINEAR DYNAMICS, 2013, 74 (1-2) : 419 - 427
  • [39] Cryptanalysis and improvement of a three-party key agreement protocol using enhanced Chebyshev polynomials
    Fengjun Zhao
    Peng Gong
    Shuai Li
    Mingguan Li
    Ping Li
    Nonlinear Dynamics, 2013, 74 : 419 - 427
  • [40] A Computation-Efficient Three-Party Encrypted Key Exchange Protocol
    Lee, Cheng-Chi
    Chen, Shun-Der
    Chen, Chin-Ling
    APPLIED MATHEMATICS & INFORMATION SCIENCES, 2012, 6 (03): : 573 - 579
12345