Cryptanalysis of a communication-efficient three-party password authenticated key exchange protocol

Information Sciences

Volumn 215, Issue , 2012, Pages 83-96

  Wu, Shuhua ^a,b   Pu, Qiong ^c   Wang, Shengbao ^d   He, Debiao ^e  

^a INFORMATION ENGINEERING UNIVERSITY   (China)

^b UNIVERSITY OF CHINESE ACADEMY OF SCIENCES   (China)

^c TONGJI UNIVERSITY   (China)

^d BEIJING UNIVERSITY OF POSTS AND TELECOMMUNICATIONS   (China)

^e WUHAN UNIVERSITY   (China)

Author keywords

Authenticated key exchange; Dictionary attack; Password based; Three party

Indexed keywords

AUTHENTICATED KEY EXCHANGE; DICTIONARY ATTACK; PASSWORD AUTHENTICATED KEY EXCHANGE PROTOCOLS; PASSWORD-BASED; THREE-PARTY;

COMMUNICATION; COMPUTER CRIME;

AUTHENTICATION;

EID: 84864760957     PISSN: 00200255     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.ins.2012.06.005     Document Type: Article

References (47)

1. M. Abdalla, M. Bellare, P. Rogaway, The oracle Diffie-Hellman assumptions and an analysis of DHIES, in: Proceedings of CT-RSA'01, 2001, pp. 143-158.
2. M. Abdalla, E. Bresson, O. Chevassut, B. Möller, D. Pointcheval, Provably secure password-based authentication in TLS, in: Proceedings of AsiaCCS'06, 2006, pp. 35-45.
3. M. Abdalla, O. Chevassut, D. Pointcheval, One-time verifier-based encrypted key exchange, in: Proceedings of the 8th International Workshop on Theory and Practice in Public Key (PKC '05), LNCS 3386, 2005, pp. 47-64.
4. M. Abdalla, P.-A. Fouque, D. Pointcheval, Password-based authenticated key exchange in the three-party setting, in: Proceedings of PKC'05, LNCS 3386, 2005, pp. 65-84. (Full version appeared in IEE Information Security 153(1) (2006) 27-39).
5. M. Abdalla, D. Pointcheval, Simple Password-Based Encrypted Key Exchange Protocols, in: Proceedings of Topics in Cryptology - CT-RSA'05, LNCS 3376, 2005, pp. 191-208.
6. M. Abdalla, D. Pointcheval, Interactive Diffie-Hellman assumptions with Applications to Password-based Authentication, in: Proceedings of FC'05, LNCS 3570, 2005, pp. 341-356.
7. Atmel Corporation. < http://www.atmel.com/ >.
8. M. Bellare, D. Pointcheval, P. Rogaway, Authenticated key exchange secure against dictionary attacks, in: Proceedings of Advances in Cryptology - EUROCRYPT'00, LNCS 1807, 2000, pp. 139-155.
9. C. Boyd, P. Montague, K. Nguyen, Elliptic Curve Based Password Authenticated Key Exchange Protocols, in: Proceedings of 28th Australasian Conference on Information Security and Privacy - ACISP'01, LNCS 2119, 2001, pp. 487-501.
10. V. Boyko, P.D. MacKenzie, S. Patel, Provably secure password- authenticated key exchange using Diffie-Hellman, in: Proceedings of Advances in Cryptology - EUROCRYPT'00, LNCS 1807, 2000, pp. 156-171.
11. E. Bresson, O. Chevassut, D. Pointcheval, New security results on encrypted key exchange, in: Proceedings of PKC'04: 7th International Workshop on Theory and Practice in Public Key Cryptography, LNCS 2947, 2004, pp. 145-158.
12. C.C. Chang, and Y.F. Chang A novel three-party encrypted key exchange protocol Computer Standards & Interfaces 26 5 2004 471 476
13. T.-Y. Chang, M-S. Hwang, and W-P. Yang A communication-efficient three-party password authenticated key exchange protocol Information Sciences 2010 10.1016/j.ins.2010.08.032
14. H.B. Chen, T.H. Chen, W.B. Lee, and C.C. Chang Security enhancement for a three-party encrypted key exchange protocol against undectectable on-line password guessing attacks Computer Standards & Interfaces 30 1-2 2008 95 99
15. H.Y. Chien, and T.C. Wu Provably secure password-based three-party key exchange with optimal message steps Computer Journal 52 6 2009 646 655
16. K.-K.R. Choo, C. Boyd, Y. Hitchcock, Examining indistinguishability-based proof models for key establishment protocols, in: Proceedings of ASIACRYPT'05, LNCS 3788, 2005, pp. 585-604.
17. H.R. Chung, and W.C. Ku Three weaknesses in a simple three-party key exchange protocol Information Sciences 178 1 2008 220 229
18. Y. Ding, and P. Horster Undetectable on-line password guessing attacks ACM Operating Systems Review 29 4 1995 77 86
19. R. Gennaro, Y. Lindell, A framework for password-based authenticated key exchange, in: Proceedings of Advances in Cryptology - EUROCRYPT'03, LNCS 2656, 2003, pp. 524-543.
20. O. Goldreich, Y. Lindell, Session-key generation using human passwords only, in: Proceedings of Advances in Cryptology - CRYPTO'01, LNCS 2139, 2001, pp. 408-432.
21. L. Gong, Optimal authentication protocols resistant to password guessing attacks, in: Proceedings of 8th IEEE Computer Security Foundation Workshop, 1995, pp. 24-29.
22. L. Gong, M. Lomas, R. Needham, and J. Saltzer Protecting poorly choosen secrets from guessing attacks IEEE Journal on Selected Areas in Communications 11 5 1993 648 656
23. N. Gura, A. Patel, A. Wander, H. Eberle, S.C. Shantz, Computing Elliptic Curve Cryptography and RSA on bit CPUs, in: Proceedings of CHES'04, 2004.
24. S. Halevi, and H. Krawczyk Public-key cryptography and password protocols ACM Transactions on Information and System Security 2 3 1999 230 268
25. D. Hankerson, A. Menezes, and S. Vanstone Guide to Elliptic Curve Cryptography 2004 Springer-Verlag New York, USA
26. H.S. Kim, and J.Y. Choi Enhanced password-based simple three-party key exchange protocol Computers & Electrical Engineering 35 1 2009 107 114
27. N. Koblitz Elliptic curve cryptosystem Mathematics of Computation 48 1987 203 209
28. T. Kwon, M. Kang, S. Jung, and J. Song An improvement of the password-based authentication protocol K1P on security against replay attacks IEICE Transactions on Communications E82-B 7 1999 991 997
29. T.-F. Lee, and T. Hwang Simple password-based three-party authenticated key exchange without server public keys Information Sciences 2010 10.1016/j.ins.2010.01.005
30. T.F. Lee, T. Hwang, and C.L. Lin A novel three-party encrypted key exchange protocol Computers & Security 23 2004 571 577
31. T.F. Lee, J.L. Liu, M.J. Sung, S.B. Yang, and C.M. Chen Communication-efficient three-party protocols for authentication and key agreement Computers & Mathematics with Applications 58 4 2009 641 648
32. C.L. Lin, H.M. Sun, and T. Hwang Three-party encrypted key exchange: attacks and a solution ACM Operating Systems Review 34 4 2000 12 20
33. C.L. Lin, H.M. Sun, M. Steiner, and T. Hwang Three-party encrypted key exchange without server public-keys IEEE Communications Letters 5 12 2001 497 499
34. C.L. Lin, H.A. Wen, T. Hwang, and H.M. Sun Provably secure threeparty password-authenticated key exchange IEICE Transaction On Fundamentals E87-A 11 2004 2990 3000
35. D.-C. Lou, and H.-F. Huang Efficient three-party password-based key exchange scheme International Journal of Communication Systems 2010 10.1002/dac.1172
36. R. Lu, and Z. Cao Simple three-party key exchange protocol Computers & Security 26 1 2007 94 97
37. P.D. MacKenzie, S. Patel, R. Swaminathan, Password-authenticated key exchange based on RSA, in: Proceedings of Advances in Cryptology - ASIACRYPT'00, LNCS 1976, 2000, pp. 599-613.
38. J. Nam, J. Paik, H.K. Kang, U.M. Kim, and D. Won An off-line dictionary attack on a simple three-party key exchange protocol IEEE Communications Letters 13 3 2009 205 207
39. J. Nam, J. Paik, and D. Won A security weakness in Abdalla et al.'s generic construction of a group key exchange protocol Information Sciences 181 1 2011 234 238
40. T. Okamoto, D. Pointcheval, The gap-problems: a new class of problems for the security of cryptographic schemes, in: Proceedings of PKC'01, 2001, pp. 104-118.
41. W. Stallings Cryptography and Network Security: Principles and Practice fourth ed. 2005 Prentice Hall
42. M. Steiner, G. Tsudik, and M. Waidner Refinement and extension of encrypted key exchange ACM Operating Systems Review 29 3 1995 22 30
43. H.M. Sun, B.C. Chen, and T. Hwang Secure key agreement protocols for three-party against guessing attacks Journal of Systems and Software 75 1-2 2005 63 68
44. H.A. Wen, T.F. Lee, and T. Hwang Provably secure three-party password-based authenticated key exchange protocol using weil pairing IEE Proceedings - Communications 152 2 2005 138 143
45. H.T. Yeh, and H.M. Sun Password-based user authentication and key distribution protocols for client-server applications Journal of Systems and Software 72 1 2004 97 103
46. J. Zhao, and Dawu Gu Provably secure three-party password-based authenticated key exchange protocol Information Sciences 184 1 2012 310 323
47. L. Zhang, Q. Wu, B. Qin, and J. Domingo-Ferrer Provably secure one-round identity-based authenticated asymmetric group key agreement protocol Information Sciences 2011 10.1016/j.ins.2011.05.009