Cryptanalysis of simple three-party key exchange protocol

被引：58

作者：

Guo, Hua ^{[1
]}

Li, Zhoujun ^{[1
]}

Mu, Yi ^{[2
]}

Zhang, Xiyong ^{[3
]}

机构：

[1] Beihang Univ, Sch Engn & Comp Sci, Beijing 100083, Peoples R China

[2] Univ Wollongong, Sch Comp Sci Software Engn, Ctr Comp & Informat Secur Res, Wollongong, NSW 2522, Australia

[3] Informat Engn Univ, Dept Appl Math, Zhengzhou 450002, Peoples R China

来源：

COMPUTERS & SECURITY | 2008年 / 27卷 / 1-2期

关键词：

password-authenticated key exchange; cryptanalysis; security; dictionary attack; man-in-the-middle attack;

D O I：

10.1016/j.cose.2008.03.001

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

Recently, Lu and Cao published a novel protocol for password-based authenticated key exchanges (PAKE) in a three-party setting in journal of Computers and Security, where two clients, each shares a human-memorable password with a trusted server, can construct a secure session key. They argued that their simple three-party PAKE (3-PAKE) protocol can resist against various known attacks. In this paper, we show that this protocol is vulnerable to a kind of man-in-the-middle attack that exploits an authentication flaw in their protocol and is subject to the undetectable on-line dictionary attack. We also conduct a detailed analysis on the flaws in the protocol and provide an improved protocol. (c) 2008 Elsevier Ltd. All rights reserved.

引用

页码：16 / 21

页数：6

共 50 条

[41] Cryptanalysis and enhancements of efficient three-party password-based key exchange scheme
Wu, Shuhua
Chen, Kefei
Pu, Qiong
Zhu, Yuefei
INTERNATIONAL JOURNAL OF COMMUNICATION SYSTEMS, 2013, 26 (05) : 674 - 686
[42] A Secure Three-Party Authenticated Key Exchange Protocol for Social Networks
Sinha, Vivek Kumar
Anand, Divya
Alharithi, Fahd S.
Almulihi, Ahmed H.
CMC-COMPUTERS MATERIALS & CONTINUA, 2022, 71 (03): : 6293 - 6305
[43] Three-Party Password Authentication and Key Exchange Protocol Based on MLWE
Guo, Songhui
Song, Yunfan
Guo, Song
Yang, Yeming
Song, Shuaichao
SYMMETRY-BASEL, 2023, 15 (09):
[44] Improved key exchange protocol for three-party based on verifier authentication
Computer Center, Northeastern University, Shenyang 110004, China
不详
J. Southeast Univ. Engl. Ed., 2008, 3 (322-324):
[45] ON SECURITY OF A PRACTICAL THREE-PARTY KEY EXCHANGE PROTOCOL WITH ROUND EFfiCIENCY
Lee, Cheng-Chi
Chang, Ya-Fen
INFORMATION TECHNOLOGY AND CONTROL, 2008, 37 (04): : 333 - 335
[46] Verifiable three-party secure key exchange protocol based on eigenvalue
Zhang Y.
Wang Z.
Wang Z.
Chen H.
Tongxin Xuebao/Journal on Communications, 2019, 40 (12): : 149 - 154
[47] Enhancements of a Three-Party Password-Based Authenticated Key Exchange Protocol
Wu, Shuhua
Chen, Kefei
Zhu, Yuefei
INTERNATIONAL ARAB JOURNAL OF INFORMATION TECHNOLOGY, 2013, 10 (03) : 215 - 221
[48] An Efficient Three-Party Authentication Key Exchange Protocol for Wireless Sensor Networks
Li, Hongtu
Hu, Liang
Chu, Jianfeng
Chi, Ling
Li, Hongwei
SENSOR LETTERS, 2013, 11 (05) : 990 - 996
[49] An Efficient Password Security of Three-Party Key Exchange Protocol based on ECDLP
Kar, Jayaprakash
Majhi, Banshidhar
INTERNATIONAL JOURNAL OF SECURITY AND ITS APPLICATIONS, 2009, 3 (04): : 25 - 32
[50] Hybrid Protocol for Password-based Key Exchange in Three-party Setting
He Xinzheng
Ru Bei
Fei Jinlong
Xun Baocheng
NSWCTC 2009: INTERNATIONAL CONFERENCE ON NETWORKS SECURITY, WIRELESS COMMUNICATIONS AND TRUSTED COMPUTING, VOL 2, PROCEEDINGS, 2009, : 119 - +

← 1 2 3 4 5 →