Cryptanalysis of simple three-party key exchange protocol (S-3PAKE)

Information Sciences

Volumn 178, Issue 13, 2008, Pages 2849-2856

  Phan, Raphael C W ^a   Yau, Wei Chuen ^b   Goi, Bok Min ^b  

^a LOUGHBOROUGH UNIVERSITY   (United Kingdom)

^b MULTIMEDIA UNIVERSITY   (Malaysia)

Author keywords

Attacks; Cryptanalysis; Password authenticated key exchange; Provable security; Three party; Undetectable online dictionary; Unknown key share

Indexed keywords

AUTHENTICATION; INFORMATION SCIENCE; INTRUSION DETECTION; ONLINE SYSTEMS;

CRYPTANALYSIS; PASSWORD AUTHENTICATED KEY EXCHANGE; PROVABLE SECURITY; SECRET KEYS; THREE PARTY KEY EXCHANGE PROTOCOLS; UNDETECTABLE ONLINE DICTIONARIES; UNKNOWN KEY SHARE;

PUBLIC KEY CRYPTOGRAPHY;

EID: 42649086478     PISSN: 00200255     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.ins.2008.02.008     Document Type: Article

References (37)

1. Abadi M. Explicit communication revisited: two new attacks on authentication protocols. IEEE Transactions on Software Engineering 23 3 (1997) 185-186
2. M. Abdalla, P.-A. Fouque, D. Pointcheval, Password-based authenticated key exchange in the three-party setting, in: Proceedings of the PKC'05, LNCS, vol. 3386, 2005, pp. 65-84.
3. Abdalla M., Fouque P.-A., and Pointcheval D. Password-based authenticated key exchange in the three-party setting. IET Information Security 153 1 (2006) 27-39
4. M. Abdalla, D. Pointcheval, Simple password-based encrypted key exchange protocols, in: Proceedings of the CT-RSA'05, LNCS, vol. 3376, 2005, pp. 191-208.
5. M. Abdalla, D. Pointcheval, Interactive Diffie-Hellman assumptions with applications to password-based authentication, in: Proceedings of the FC'05, LNCS, vol. 3570, 2005, pp. 341-356.
6. M. Abdalla, D. Pointcheval, Interactive Diffie-Hellman assumptions with applications to password-based authentication. Full version of [5] .
7. Anderson R. Security Engineering - A Guide to Building Dependable Distributed Systems (2001), Wiley, USA
8. M. Bellare, P. Rogaway, Entity authentication and key distribution, in: Advances in Cryptology - Crypto'93, LNCS, vol. 773, 1993, pp. 232-249.
9. M. Bellare, P. Rogaway, Provably secure session key distribution: the three party case, in: Proceedings of the ACM Symposium on the Theory of Computing (STOC'95), 1995, pp. 57-66.
10. M. Bellare, D. Pointcheval, P. Rogaway, Authenticated key exchange secure against dictionary attacks, in: Advances in Cryptology - Eurocrypt'00, LNCS, vol. 1807, 2000, pp. 139-155.
11. S. Bellovin, M. Merritt, Encrypted key exchange: passwords based protocols secure against dictionary attacks, in: Proceedings of the IEEE Symposium on Security and Privacy'92, 1992, pp. 72-84.
12. J.W. Byun, I.R. Jeong, D.H. Lee, C.S. Park, Password-authenticated key exchange between clients with different passwords, in: Proceedings of the ICICS'02, LNCS, vol. 2513, 2002, pp. 134-146.
13. Chang C.-C., and Chang Y.-F. A novel three-party encrypted key exchange protocol. Computer Standards and Interfaces 26 5 (2004) 471-476
14. K.-K.R. Choo, C. Boyd, Y. Hitchcock, Examining indistinguishability-based proof models for key establishment protocols, in: Advances in Cryptology - Asiacrypt'05, LNCS, vol. 3788, 2005, pp. 585-604.
15. K.-K.R. Choo, C. Boyd, Y. Hitchcock, Errors in computational complexity proofs for protocols, in: Advances in Cryptology - Asiacrypt'05, LNCS, vol. 3788, 2005, pp. 624-643.
16. Chung H.-R., and Ku W.-C. Three weaknesses in a simple three-party key exchange protocol. Information Sciences 178 1 (2008) 220-229
17. Diffie W., van Oorschot P.C., and Wiener M.J. Authentication and authenticated key exchanges. Design, Codes and Cryptography 2 2 (1992) 107-125
18. Ding Y., and Horster P. Undetectable On-line Password Guessing Attacks. ACM Operating Systems Review 29 4 (1995) 77-86
19. R. Gennaro, Y. Lindell, A framework for password-based authenticated key exchange, in: Advances in Cryptology - Eurocrypt'03, LNCS, vol. 2656, 2003, pp. 524-543.
20. Gennaro R., and Lindell Y. A framework for password-based authenticated key exchange. ACM Transactions on Information and System Security (TISSEC) 9 2 (2006) 181-234
21. Kaliski Jr. B.S. An unknown key-share attack on the MQV key agreement protocol. ACM Transactions on Information and System Security (TISSEC) 4 3 (2001) 275-288
22. J. Katz, J.S. Shin, Modeling insider attacks on group-key exchange protocols, in: Proceedings of the ACM-CCS'05, 2005, pp. 180-189.
23. S. Katzenbeisser, On the Integration of watermarks and cryptography, in: Proceedings of the IWDW'03, LNCS, vol. 2939, 2003, pp. 50-60.
24. J. Kim, S. Kim, J. Kwak, D. Won, Cryptanalysis and improvement of password-authenticated key exchange scheme between clients with different passwords, in: Proceedings of the ICCSA'04, LNCS, vol. 3043, 2004, pp. 895-902.
25. S. Kim, H. Lee H. Oh, Enhanced ID-based authenticated key agreement protocols for a multiple independent PKG environment, in: Proceedings of the ICICS'05, LNCS, vol. 3783, 2005, pp. 323-336.
26. Lee T.-F., Hwang T., and Lin C.-L. Enhanced three-party encrypted key exchange without server public keys. Computers and Security 23 7 (2004) 571-577
27. Lin C.-L., Sun H.-M., and Hwang T. Three party-encrypted key exchange: attacks and a solution. ACM Operating Systems Review 34 4 (2000) 12-20
28. Lin C.-L., Sun H.-M., Steiner M., and Hwang T. Three-party encrypted key exchange without server public-keys. IEEE Communication Letters 5 12 (2001) 497-499
29. Lee S.W., Kim H.S., and Yoo K.Y. Efficient verifier-based key agreement protocol for three parties without servers public key. Applied Mathematics and Computation 167 2 (2005) 996-1003
30. Lu R., and Cao Z. Simple three-party key exchange protocol. Computers and Security 26 (2007) 94-97
31. Nam J., Lee Y., Kim S., and Won D. Security weakness in a three-party pairing-based protocol for password authenticated key exchange. Information Sciences 177 6 (2007) 1364-1375
32. R.C.-W. Phan, B.-M. Goi, Cryptanalysis of the N-party encrypted Diffie-Hellman key exchange using different passwords, in: Proceedings of the ACNS'06, LNCS, vol. 3989, 2006, pp. 226-238.
33. R.C.-W. Phan, B.-M. Goi. Cryptanalysis of two provably secure cross-realm C2C-PAKE protocols, in: Proceedings of the Indocrypt'06, LNCS, vol. 4329, 2006, pp. 104-117.
34. Sun H.-M., Chen B.-C., and Hwang T. Secure key agreement protocols for three-party against guessing attacks. The Journal of Systems and Software 75 (2005) 63-68
35. Steiner M., Tsudik G., and Waidner M. Refinement and extension of encrypted key exchange. ACM Operating Systems Review 29 3 (1995) 22-30
36. J. Stern, Why provable security matters? in: Advances in Cryptology - Eurocrypt'03, LNCS, vol. 2656, 2003, pp. 449-461.
37. E.-J. Yoon, K.-Y. Yoo, Cryptanalysis of two user identification schemes with key distribution preserving anonymity, in: Proceedings of the ICICS'05, LNCS, vol. 3783, 2005, pp. 315-322.