Security enhancement for a three-party encrypted key exchange protocol against undetectable on-line password guessing attacks

“…Moreover, in some sense, this obviates the reason for considering password-based protocols in the first place: namely, that human users cannot remember or securely store long, high-entropy keys. Therefore, some people [12,14,30,33] have attempted to propose some 3PAKE protocols without server public keys. But they still require symmetric cryptosystems such as DES, Rijndael, etc.…”

Cryptanalysis of a communication-efficient three-party password authenticated key exchange protocol

“…Moreover, in some sense, this obviates the reason for considering password-based protocols in the first place: namely, that human users cannot remember or securely store long, high-entropy keys. Therefore, some people [12,14,30,33] have attempted to propose some 3PAKE protocols without server public keys. But they still require symmetric cryptosystems such as DES, Rijndael, etc.…”

Cryptanalysis of a communication-efficient three-party password authenticated key exchange protocol

“…With server public keys Security analysis GLNS-3PAKE [13] Yes Yes Heuristic STW-3PAKE [29] Yes Yes Heuristic G-3PAKE [12] Yes Yes Heuristic KKJS-3PAKE [19] Yes Yes Heuristic LSH-3PAKE [22] Yes Yes Heuristic LWHS-3PAKE [24] Yes Yes Provable YS-3PAKE [36] Yes Yes Heuristic WLH-3PAKE [33] Yes Yes Provable SCH-3PAKE [30] Yes Yes Heuristic LSSH-3PAKE [23] Yes No Heuristic LHL-3PAKE [20] Yes No Heuristic CC-3PAKE [5] Yes No Heuristic LC-3PAKE [25] No No Heuristic CCLC-3PAKE [8] Yes No Heuristic LLSYC-3PAKE [8] Yes Yes Heuristic CW-3PAKE [9] No Yes Provable…”

“…If the server needs to store any more secrets, then we would have a higher probability of breaking the scheme. In 2008, Chen et al [8] pointed out that CC-3PAKE suffers from undetectable on-line password guessing attacks and repaired this security flaw, termed CCLC-3PAKE. However, it still has the disadvantages mentioned in CC-3PAKE.…”

A communication-efficient three-party password authenticated key exchange protocol

“…Considering the disadvantage of asymmetric key encryption, Steiner et al [17] proposed the first password-based three-party encrypted key exchange protocol (3PEKE) in which a online TTP exists to allow mutual authentication between two communication parties without asymmetric encryption algorithm which is adopted to reduce the costs. Later a number of schemes [4,5,6,7,8,14,IS,16] extend EKE protocol to a multi-party version, but mutual authentication provided by these protocol is dependent of TIP which are unsuitable for wireless Ad Hoc networks, because the TTP may be out of reach or unavailable to some of the nodes resulting from communication range limitations, network dynamics and lack of a prior deployment knowledge. Asokan and Ginzboorg [2] proposed a multi-party passwordbased key agreement protocol independent of TTP authentication using Diffie-Hellman encrypted key exchange [18], but it is vulnerable to man-in-middle attacks.…”

Efficient Password-Proven Key Exchange Protocol against Relay Attack on Ad Hoc Networks