Abstract
Recently, Guo et al. discovered some security flaws of the simple three-party key exchange protocol proposed by Lu and Cao, and proposed an improved protocol. Independently, Chung and Ku also showed some weaknesses of Lu and Cao’s protocol, and provided an improved protocol. In this paper, we review some insecurity of Lu and Cao’s protocol and analyze two improved protocols proposed by Guo et al. and Chung and Ku. Then we show that the protocols are still insecure. They are vulnerable to an adversary who performs an off-line password guessing attack. We provide a countermeasure by performing detailed analysis on the security flaws in two improved protocols. We also propose a secure three-party password-authenticated key exchange protocol which requires three rounds.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Explore related subjects
Discover the latest articles, news and stories from top researchers in related subjects.References
Abdalla, M., & Pointcheval, D. (2005). Simple password-based encrypted key exchange protocols. In LNCS: Vol. 3376. Proc. of CT-RSA’05 (pp. 191–208). Berlin: Springer.
Abdalla, M., Fouque, P.-A., & Pointcheval, D. (2005). Password-based authenticated key exchange in the three-party setting. In LNCS: Vol. 3386. Proc. of PKC’05 (pp. 65–84). Berlin: Springer.
Bellovin, S. M., & Merritt, M. (1992). Encrypted key exchange: password-based protocols secure against dictionary attacks. In Proc. of 1992 IEEE symposium on research in security and privacy (pp. 72–84).
Byun, J. W., Jeong, I. R., Lee, D. H., & Park, C.-S. (2002). Password-authenticated key exchange between clients with different passwords. In LNCS: Vol. 2513. Proc. of ICICS’02 (pp. 134–146). Berlin: Springer.
Chang, C.-C., & Chang, Y.-F. (2004). A novel three-party encrypted key exchange protocol. Computer Standards & Interfaces, 26(5), 471–476.
Chung, H.-R., & Ku, W.-C. (2008). Three weaknesses in a simple three-party key exchange protocol. Information Sciences, 178(1), 220–229.
Guo, H., Li, Z., Mu, Y., & Zhang, X. (2008). Cryptanalysis of simple three-party key exchange protocol. Computers & Security, 27, 16–21.
Kwon, J. O., Sakurai, K., & Lee, D. H. (2006). Efficient password-authenticated key exchange for three-party secure against undetectable on-line dictionary attacks. In LNCS: Vol. 3991. Proc. of ICCS’06, Part 1 (pp. 977–980). Berlin: Springer.
Lee, T.-F., Hwang, T., & Lin, C.-L. (2004). Enhanced three-party encrypted key exchange without server public keys. Computers & Security, 23, 571–577.
Lin, C.-L., Sun, H.-M., & Hwang, T. (2000). Three-party encrypted key exchange: attacks and a solution. Operating Systems Review, 34(4), 12–20.
Lin, C.-L., Sun, H.-M., Steiner, M., & Hwang, T. (2001). Three-party encrypted key exchange without server public keys. IEEE Communications Letters, 5(12), 497–499.
Lu, R., & Cao, Z. (2007). Simple three-party key exchange protocol. Computers & Security, 26, 94–97.
Steiner, M., Tsudik, G., & Waidner, M. (1995). Refinement and extension of encrypted key exchange. Operating Systems Review, 29(3), 22–30.
Author information
Authors and Affiliations
Corresponding author
Additional information
This work was supported by Hanshin University Research Grant.
Rights and permissions
About this article
Cite this article
Youn, TY., Kang, E.S. & Lee, C. Efficient three-party key exchange protocols with round efficiency. Telecommun Syst 52, 1367–1376 (2013). https://doi.org/10.1007/s11235-011-9649-3
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11235-011-9649-3