Enhanced password-based simple three-party key exchange protocol

被引:35
|
作者
Kim, Hyun-Seok [1 ]
Choi, Jin-Young [1 ]
机构
[1] Korea Univ, Dept Comp Sci & Engn, Seoul 136701, South Korea
来源
COMPUTERS & ELECTRICAL ENGINEERING | 2009年 / 35卷 / 01期
关键词
Password-based key exchange protocol; Undetectable on-line guessing attack; BPR model; SECURE; AGREEMENT;
D O I
10.1016/j.compeleceng.2008.05.007
中图分类号
TP3 [计算技术、计算机技术];
学科分类号
0812 ;
摘要
Recently, Lu and Cao proposed a simple three-party password-based key exchange (STPKE) protocol based on the CCDH assumption. They claimed that their protocol is secure, efficient, and practical. In this paper, unlike their claims, we find that the STPKE protocol is still vulnerable to undetectable on-line password guessing attacks by using formal description, BPR model. These weakness is due to the fact that the messages of the communicants are not appropriately encrypted into the exchanged cryptographic messages. To enhance the security of the STPKE protocol, we suggest a countermeasure to resist our described attacks while the merits of the original protocol are left unchanged. (C) 2008 Elsevier Ltd. All rights reserved.
引用
收藏
页码:107 / 114
页数:8
相关论文
共 50 条
  • [1] A simple three-party password-based key exchange protocol
    Huang, Hui-Feng
    [J]. INTERNATIONAL JOURNAL OF COMMUNICATION SYSTEMS, 2009, 22 (07) : 857 - 862
  • [2] On a simple three-party password-based key exchange protocol'
    Lin, Ching-Ying
    Hwang, Tzonelih
    [J]. INTERNATIONAL JOURNAL OF COMMUNICATION SYSTEMS, 2011, 24 (11) : 1520 - 1532
  • [3] Cryptanalysis of a simple three-party password-based key exchange protocol
    Yoon, Eun-Jun
    Yoo, Kee-Young
    [J]. INTERNATIONAL JOURNAL OF COMMUNICATION SYSTEMS, 2011, 24 (04) : 532 - 542
  • [4] Simple three-party password-based key exchange protocol with provable security
    [J]. 1600, Acta Press (35):
  • [5] Enhancements of a Three-Party Password-Based Authenticated Key Exchange Protocol
    Wu, Shuhua
    Chen, Kefei
    Zhu, Yuefei
    [J]. INTERNATIONAL ARAB JOURNAL OF INFORMATION TECHNOLOGY, 2013, 10 (03) : 215 - 221
  • [6] Efficient three-party password-based authenticated key exchange protocol
    [J]. Xu, C.-X., 1600, Univ. of Electronic Science and Technology of China (41):
  • [7] Strongly password-based three-party authenticated key exchange protocol
    Lin, Yuanhui
    Hou, Mengbo
    Xu, Qiuliang
    [J]. 2013 9TH INTERNATIONAL CONFERENCE ON COMPUTATIONAL INTELLIGENCE AND SECURITY (CIS), 2013, : 555 - 558
  • [8] Hybrid Protocol for Password-based Key Exchange in Three-party Setting
    He Xinzheng
    Ru Bei
    Fei Jinlong
    Xun Baocheng
    [J]. NSWCTC 2009: INTERNATIONAL CONFERENCE ON NETWORKS SECURITY, WIRELESS COMMUNICATIONS AND TRUSTED COMPUTING, VOL 2, PROCEEDINGS, 2009, : 119 - +
  • [9] Cryptanalysis of a three-party password-based authenticated key exchange protocol
    [J]. He, D. (hedebiao@163.com), 1600, Femto Technique Co., Ltd. (16):
  • [10] Provably secure three-party password-based authenticated key exchange protocol
    Zhao, Jianjie
    Gu, Dawu
    [J]. INFORMATION SCIENCES, 2012, 184 (01) : 310 - 323
12345