Abstract
A simple three-party password-based authenticated key exchange (S-3PAKE) protocols are extremely important to secure communications and are now extensively adopted in network communications. In 2009, Nam et al. pointed out that S-3PAKE protocol, by Lu and Cao for password-authenticated key exchange in the three-party setting, is vulnerable to an off-line dictionary attack. Then, they proposed some countermeasures how to eliminate the security vulnerability of the S-3PAKE. Nevertheless, this paper points out their enhanced S-3PAKE protocol is still vulnerable to undetectable on-line dictionary attacks and off-line dictionary attack unlike their claim.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Bellovin, S., Merritt, M.: Encrypted key exchange: password-based protocols secure against dictionary attacks. In: Proc. 1992 IEEE Symposium on Research in Security and Privacy, pp. 72–84 (1992)
Lee, T., Hwang, T., Lin, C.: Enhanced three-party encrypted key exchange without server public keys. Computers Security 23(7), 571–577 (2004)
Wen, H., Lee, T., Hwang, T.: Provably secure three-party password-based authenticated key exchange protocol using Weil pairing. IEE Proc. Com. 152(2), 138–143 (2005)
Kim, H., Choi, J.: Enhanced password-based simple three-party key exchange protocol. Computers & Electrical Engineering 35, 107–114 (2009)
Ding, Y., Horster, P.: Undetectable on-line password guessing attacks. ACM Operating Systems Review 29(4), 77–86 (1995)
Lu, R., Cao, Z.: Simple three-party key exchange protocol. Computers & Security 26(1), 94–97 (2007)
Abdalla, M., Pointcheval, D.: Simple Password-Based Encrypted Key Exchange Protocols. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 191–208. Springer, Heidelberg (2005)
Chung, H., Ku, W.: Three weaknesses in a simple three-party key exchange protocol. Inform. Sciences 178(1), 220–229 (2008)
Guo, H., Li, Z., Mu, Y., Zhang, X.: Cryptanalysis of simple threeparty key exchange protocol. Computers & Security 27(1), 16–21 (2008)
Phan, R., Yau, W., Goi, B.: Cryptanalysis of simple three-party key exchange protocol (S-3PAKE). Inform. Sciences 178(13), 2849–2856 (2008)
Nam, J., Paik, J., Kang, H., Kim, U., Won, D.: An off-line dictionary attack on a simple three-party key exchange protocol. IEEE Commun. Lett. 13(3), 205–207 (2009)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kim, HJ., Yoon, EJ. (2011). Cryptanalysis of an Enhanced Simple Three-Party Key Exchange Protocol. In: Kim, Th., Adeli, H., Fang, Wc., Villalba, J.G., Arnett, K.P., Khan, M.K. (eds) Security Technology. SecTech 2011. Communications in Computer and Information Science, vol 259. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27189-2_18
Download citation
DOI: https://doi.org/10.1007/978-3-642-27189-2_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-27188-5
Online ISBN: 978-3-642-27189-2
eBook Packages: Computer ScienceComputer Science (R0)