Three weaknesses in a simple three-party key exchange protocol

Information Sciences

Volumn 178, Issue 1, 2008, Pages 220-229

  Chung, Hao Rung ^a   Ku, Wei Chi ^b  

^a FU JEN CATHOLIC UNIVERSITY   (Taiwan)

^b NATIONAL TAICHUNG UNIVERSITY OF EDUCATION   (Taiwan)

Author keywords

Authenticated key exchange; Impersonation attack; Man in the middle attack; Password; Provable security

Indexed keywords

AUTHENTICATION; COMPUTER CRIME; SECURITY OF DATA;

AUTHENTICATED KEY EXCHANGE; IMPERSONATION ATTACK; MAN-IN-THE-MIDDLE ATTACK; PROVABLE SECURITY;

NETWORK PROTOCOLS;

EID: 34948903343     PISSN: 00200255     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.ins.2007.08.004     Document Type: Article

References (17)

1. M. Abdalla, D. Pointcheval, Simple password-based encrypted key exchange protocols, in: Proc. CT-RSA'05, LNCS, vol. 3376, 2005, pp. 191-208.
2. M. Bellare, P. Rogaway, Random oracles are practical: a paradigm for designing efficient protocols, in: Proc. First ACM Annual Conference on Computer and Communications Security, 1993, pp. 62-73.
3. M. Bellare, P. Rogaway, Entity authentication and key distribution, in: Proc. Crypto'93, LNCS, vol. 773, 1993, pp. 232-249.
4. M. Bellare, P. Rogaway, Provably secure session key distribution: the three party case, in: Proc. 27th ACM Symposium on the Theory of Computing, 1995, pp. 57-66.
5. M. Bellare, P. Pointcheval, P. Rogaway, Authenticated key exchange secure against dictionary attacks, in: Proc. Eurocrypt'00, LNCS, vol. 1807, 2000, pp. 139-155.
6. S.M. Bellovin, M. Merritt, Encrypted key exchange: password-based protocols secure against dictionary attacks, in: Proc. 1992 IEEE Symposium on Research in Security and Privacy, 1992, pp. 72-84.
7. Byun J.W., Lee D.H., and Lim J.I. EC2C-PAKA: an efficient client-to-client password-authenticated key agreement. Information Sciences (2007) 10.1016/j.ins.2007.03.024
8. Chang T.Y., Yang W.P., and Hwang M.S. Simple authenticated key agreement and protected password change protocol. Computers and Mathematics with Applications 49 5-6 (2005) 703-714
9. Choo K.-K.R., Boyd C., and Hitchcock Y. The importance of proofs of security for key establishment protocols: formal analysis of Jan-Chen, Yang-Shen-Shieh, Kim-Huh-Hwang-Lee, Lin-Sun-Hwang, and Yeh-Sun protocols. Computer Communications 29 15 (2006) 2788-2797
10. Lee T.F., Hwang T., and Lin C.L. Enhanced three-party encrypted key exchange without server public keys. Computers Security 23 7 (2004) 571-577
11. Lin C.L., Wen H.A., Hwang T., and Sun H.M. Provably secure three-party password-authenticated key exchange, IEICE Transactions on Fundamentals of Electronics. Communications and Computer Sciences E87-A 11 (2004) 2990-3000
12. Lu R., and Cao Z. Simple three-party key exchange protocol. Computers Security 26 1 (2007) 94-97
13. Nam J., Lee Y., Kim S., and Won D. Security weakness in a three-party pairing-based protocol for password authenticated key exchange. Information Sciences 177 6 (2007) 1364-1375
14. Nam J., Paik J., Kim U.M., and Won D. Resource-aware protocols for authenticated group key exchange in integrated wired and wireless networks. Information Sciences (2007) 10.1016/j.ins.2007.06.002
15. Shim K., and Woo S.S. Cryptanalysis of tripartite and multi-party authenticated key agreement protocols. Information Sciences 177 4 (2007) 1143-1151
16. Wen H.A., Lee T.F., and Hwang T. Provably secure three-party password-based authenticated key exchange protocol using Weil pairing. IEE Proceedings - Communications 152 2 (2005) 138-143
17. Wen H.A., Lin C.L., and Hwang T. Provably secure authenticated key exchange protocols for low power computing clients. Computers Security 25 2 (2006) 106-113