Enhanced password-based simple three-party key exchange protocol

Choi, Jin-Young

doi:10.1016/j.compeleceng.2008.05.007

Cited by 49 publications

(30 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…By security analysis, Huang claimed that the proposed HS-3PAKE protocol to be not only secure against various attacks, but also more efficient than the previously proposed 3PAKE protocols. However, this paper demonstrates that HS-3PAKE protocol is vulnerable to undetectable online password guessing attacks [9,10,15,16] and off-line password guessing attacks by any other user [11,14].…”

Section: Introductionmentioning

confidence: 94%

Cryptanalysis of a simple three‐party password‐based key exchange protocol

Yoon

Yoo

2011

Int J Communication

View full text Add to dashboard Cite

SUMMARYIn order to secure communications between two clients with a trusted server's help in public network environments, a three-party authenticated key exchange (3PAKE) protocol is used to provide the transaction confidentiality and the efficiency. In 2009, Huang proposed a simple three-party password-based authenticated key exchange (HS-3PAKE) protocol without any server's public key. By analysis, Huang claimed that the proposed HS-3PAKE protocol is not only secure against various attacks, but also more efficient than previously proposed 3PAKE protocols. However, this paper demonstrates that HS-3PAKE protocol is vulnerable to undetectable online password guessing attacks and off-line password guessing attacks by any other user.

show abstract

Section: Introductionmentioning

confidence: 94%

Cryptanalysis of a simple three‐party password‐based key exchange protocol

Yoon

Yoo

2011

Int J Communication

View full text Add to dashboard Cite

show abstract

“…Many of these protocols have never been proven secure in any model [3,13,[17][18][19][20][21] and/or have been found to be vulnerable to some attack(s) [2,3,5,6,8,[18][19][20]23,[26][27][28][29][30][31][32]. Some protocols [2,11,12,15,23,24] have been proven secure only in a restricted model, in which the adversary is not allowed to corrupt protocol participants, and thus, no attacks by malicious clients can be captured.…”

Section: Introductionmentioning

confidence: 99%

“…A number of three-party PAKE protocols have been proposed over the last decade [2,3,5,6,[11][12][13][14][15][16][17][18][19][20][21][22][23][24][25]. Many of these protocols have never been proven secure in any model [3,13,[17][18][19][20][21] and/or have been found to be vulnerable to some attack(s) [2,3,5,6,8,[18][19][20]23,[26][27][28][29][30][31][32].…”

Section: Introductionmentioning

confidence: 99%

Two-Round Password-Only Authenticated Key Exchange in the Three-Party Setting

et al. 2015

View full text Add to dashboard Cite

We present the first provably-secure three-party password-only authenticated key exchange (PAKE) protocol that can run in only two communication rounds. Our protocol is generic in the sense that it can be constructed from any two-party PAKE protocol. The protocol is proven secure in a variant of the widely-accepted model of Bellare, Pointcheval and Rogaway (2000) without any idealized assumptions on the cryptographic primitives used. We also investigate the security of the two-round, three-party PAKE protocol of Wang, Hu and Li (2010) and demonstrate that this protocol cannot achieve implicit key authentication in the presence of an active adversary.

show abstract

“…They claimed that their protocol can resist various attacks and is superior to similar protocols with respect to efficiency. Kim and Choi [13] found that the STPKE protocol is vulnerable to undetectable online password guessing attacks by using formal description and proposed an alternative protocol (STPKE' protocol).…”

Section: Introductionmentioning

confidence: 99%

Cryptanalysis on a Three Party Key Exchange Protocol-STPKE'

Tallapally¹,

Padmavathy²

2010

Journal of Information Processing Systems

View full text Add to dashboard Cite

Abstract-In the secure communication areas, three-party authenticated key exchange protocol is an important cryptographic technique. In this protocol, two clients will share a human-memorable password with a trusted server, in which two users can generate a secure session key. On the other hand the protocol should resist all types of password guessing attacks. Recently, STPKE' protocol has been proposed by Kim and Choi. An undetectable online password guessing attack on STPKE' protocol is presented in the current study. An alternative protocol to overcome undetectable online password guessing attacks is proposed. The results show that the proposed protocol can resist undetectable online password guessing attacks. Additionally, it achieves the same security level with reduced random numbers and without XOR operations. The computational efficiency is improved by ≈ 30% for problems of size ≈ 2048 bits. The proposed protocol is achieving better performance efficiency and withstands password guessing attacks. The results show that the proposed protocol is secure, efficient and practical.

show abstract

Enhanced password-based simple three-party key exchange protocol

Cited by 49 publications

References 18 publications

Cryptanalysis of a simple three‐party password‐based key exchange protocol

Cryptanalysis of a simple three‐party password‐based key exchange protocol

Two-Round Password-Only Authenticated Key Exchange in the Three-Party Setting

Cryptanalysis on a Three Party Key Exchange Protocol-STPKE'

Contact Info

Product

Resources

About