Security analysis and improvements of a communication-efficient three-party password authenticated key exchange protocol

Journal of Supercomputing

Volumn 66, Issue 2, 2013, Pages 863-874

  Tso, Raylin ^a  

^a NATIONAL CHENGCHI UNIVERSITY   (Taiwan)

Author keywords

Dictionary attack; Key exchange; Password based authentication; Security analysis

Indexed keywords

AUTHENTICATION; SECURITY SYSTEMS;

DICTIONARY ATTACK; KEY EXCHANGE; PASSWORD AUTHENTICATED KEY EXCHANGE PROTOCOLS; PASSWORD-AUTHENTICATED KEY EXCHANGE; PASSWORD-BASED AUTHENTICATION; PUBLIC NETWORKS; SECURITY ANALYSIS; SECURITY FLAWS;

NETWORK SECURITY;

EID: 84888013229     PISSN: 09208542     EISSN: 15730484     Source Type: Journal    
DOI: 10.1007/s11227-013-0917-8     Document Type: Article

References (21)

1. Bellare M, Rogaway P (1993) Entity authentication and key distribution. In: Advances in cryptology (CRYPTO '93), pp 232-249
2. Bellovin SM, Merritt M (1992) Encrypted key exchange: password-based protocols secure against dictionary attacks. In: Proceedings of the 1992 IEEE computer society conference on research in security and privacy, pp 72-84
3. Chang CC, Chang YF (2004) A novel three-party encrypted key exchange protocol. Comput Stand Interfaces 26(5):471-476
4. Chang TY, Hwang MS, Yang WP (2011) A communication-efficient three-party password authenticated key exchange protocol. Inf Sci 181:217-226
5. Chien HY, Wu TC (2009) Provably secure password-based three-party key exchange with optimal message steps. Comput J 52(6):646-655
6. Chung HR, Ku WC (2008) Three weaknesses in a simple three-party key exchange protocol. Inf Sci 178(1):220-229
7. Ding Y, Horster P (1995) Undetectable on-line password guessing attacks. Oper Syst Rev 29(3):22-30
8. Gong L (1995) Optimal authentication protocols resistant to password guessing attacks. In: Proceedings of 8th IEEE computer security foundation workshop, pp 24-29
9. Gong L, Lomas M, Needham R, Saltzer J (1993) Protecting poorly chosen secrets from guessing attacks. IEEE J Sel Areas Commun 11(5):648-656
10. Joux A (2000) A one round protocol for tripartite Diffie-Hellman. In: Proceedings of the 4th algorithmic number theory symposium (ANTS IV)
11. Kim HS, Choi JY (2009) Enhanced password-based simple three-party key exchange protocol. Comput Electr Eng 35(1):107-114
12. Kwon T, Kang M, Jung S, Song J (1999) An improvement of the password-based authentication protocol K1P on security against replay attacks. IEICE Trans Commun E82-B(7):991-997
13. Lee TF, Liu JL, Sung MJ, Yang SB, Chen CM (2009) Communication-efficient three-party protocols for authentication and key agreement. Comput Math Appl 58:641-648
14. Lin CL, Sun HM, Hwang T (2000) Three-party encrypted key exchange: attacks and a solution. Oper Syst Rev 34(4):12-20
15. Lin CL, Sun HM, Steiner M, Hwang T (2001) Three-party encrypted key exchange without server public-keys. IEEE Commun Lett 5(12):497-499
16. Nam J, Lee Y, Kim S, Won D (2007) Security weakness in a three-party pairing-based protocol for password authenticated key exchange. Inf Sci 177(6):1364-1375
17. Nam J, Paik J, Kang HK, Kim UM, Won D (2009) An off-line dictionary attack on a simple three-party key exchange protocol. IEEE Commun Lett 13(3):205-207
18. Steiner M, Tsudik G, Waidner M (1995) Refinement and extension of encrypted key exchange. Oper Syst Rev 29(3):22-30
19. Sun HM, Chen BC, Hwang T (2005) Secure key agreement protocols for three-party against guessing attacks. J Syst Softw 75(1-2):63-68
20. Wen HA, Lee TF, Hwang T (2005) Provably secure three-party password-based authenticated key exchange protocol using Weil pairing. IEE Proc, Commun 152(2):138-143
21. Yeh HT, Sun HM (2004) Password-based user authentication and key distribution protocols for client-server applications. J Syst Softw 72(1):97-103