Efficient three-party authentication and key agreement protocols resistant to password guessing attacks

Journal of Information Science and Engineering

Volumn 19, Issue 6, 2003, Pages 1059-1070

  Yeh, Her Tyan ^a   Sun, Hung Min ^b   Hwang, Tzonelih ^c  

^a SOUTHERN TAIWAN UNIVERSITY OF SCIENCE AND TECHNOLOGY   (Taiwan)

^b NATIONAL TSING HUA UNIVERSITY   (Taiwan)

^c NATIONAL CHENG KUNG UNIVERSITY   (Taiwan)

Author keywords

Authentication; Key agreement; Network protocol; Password guessing attack; Perfect forward secrecy

Indexed keywords

CLIENT SERVER COMPUTER SYSTEMS; CRYPTOGRAPHY; DATA PRIVACY; DATABASE SYSTEMS; NETWORK PROTOCOLS; ONLINE SYSTEMS;

KEY AGREEMENT; PASSWORD GUESSING ATTACKS; PERFECT FORWARD SECRECY; PLAINTEXT EQUIVALENT MECHANISM; THREE PARTY AUTHENTICATION;

SECURITY OF DATA;

EID: 0345098454     PISSN: 10162364     EISSN: None     Source Type: Journal    
DOI: None     Document Type: Article

References (17)

1. S. Bellovin and M. Merritt, "Encrypted key exchange: password-based protocols secure against dictionary attacks," in Proceedings of IEEE Symposium on Research in Security and Privacy, 1992, pp. 72-84.
2. S. Bellovin and M. Merritt, "Augmented encrypted key exchange: a password-based protocol secure against dictionary attacks and password file compromise," AT&T Bell Laboratories, 1993.
3. D. Jablon, "Strong password-only authentication key exchange," Computer Communication Review, Vol. 26, 1996, pp. 5-26.
4. D. Jablon, "Extended password key exchange protocols immune to dictionary attack," in Proceedings of the WETICE Workshop on Enterprise Security, 1997, pp. 248-255.
5. S. Lucks, "Open key exchange: how to defeat dictionary attacks without encrypting public keys," in Proceedings of the Security Protocol Workshop '97, 1997, pp. 79-90.
6. T. Wu, "The secure remote password protocol," Internet Society Symposium on Network and Distributed System Security, 1998, pp. 97-111.
7. L. Gong, M. Lomas, R. Needham, and J. Saltzer, "Protecting poorly chosen secrets from guessing attacks," IEEE Journal on Selected Areas in Communications, 11, 1993, pp. 648-656.
8. M. Steiner, G. Tsudik, and M. Waidner, "Refinement and extension of encrypted key exchange," Operating Systems Review, Vol. 29, 1995, pp. 22-30.
9. Y. Ding and P. Horster, "Undetectable on-line password guessing attacks," Operating System Review, Vol. 29, 1995, pp. 77-86.
10. C. L. Lin, H. M. Sun, and T. Hwang, "Three-party encrypted key exchange: attacks and a solution," ACM Operating Systems Review, Vol. 34, 2000, pp. 12-20.
11. L. Gong, "Optimal authentication protocols resistant to password guessing attacks," in Proceedings of the 8th IEEE Computer Security Fundation Workshop, 1995, pp. 24-29.
12. T. Kwon, M. Kang, and J. Song, "An adaptable and reliable authentication protocol for communication networks," in Proceedings of IEEE INFOCOM 97, 1997, pp. 738-745.
13. T. Kwon and J. Song, "Efficient key exchange and authentication protocol protecting weak secrets," IEICE Transactions on Fundamentals, Vol. E81-A, 1998, pp. 156-163.
14. T. Kwon, M. Kang, S. Jung, and J. Song, "An improvement of the password-based authentication protocol (K1P) on security against replay attacks," IEICE Transactions on Communications, Vol. E82-B, 1999, pp. 991-997.
15. S. Keung and K. Siu, "Efficient protocols secure against guessing and replay attacks," in Proceedings of the Fourth International Conference on Computer Communications and Networks, 1995, pp. 105-112.
16. T. Kwon and J. Song, "Authentication key exchange protocols resistant to password guessing attacks," IEE Communications, Vol. 145, 1998, pp. 304-308.
17. W. Diffie and M. E. Hellman, "New directions in cryptography," IEEE Transactions on Information Theory, Vol. IT-11, 1976, pp. 644-654.