Abstract: Three-party password authenticated key exchange (3PAKE)
protocol plays a significant role in the history of secure communication
area in which two clients agree a robust session key in an authentic manner
based on passwords. In recent years, researchers focused on developing
simple 3PAKE (S-3PAKE) protocol to gain system efficiency while preserving
security robustness for the system. In this study, we first demonstrate how
an undetectable on-line dictionary attack can be successfully applied over
three existing S-3PAKE schemes. An error correction code (ECC) based S-3PAKE
protocol is then introduced to eliminate the identified authentication
weakness.
LO Nai-wei (罗乃维), YEH Kuo-hui (叶国晖)
. Simple Three-Party Password Authenticated Key Exchange Protocol[J]. Journal of Shanghai Jiaotong University(Science), 2011
, 16(5)
: 600
-603
.
DOI: 10.1007/s12204-011-1195-3
1 Lu R X, Cao Z F. Simple three-party key exchange protocol [J]. Computers and Security, 2007, 26(1): 94-97.
2 Chung H R, Ku W C. Three weaknesses in a simple three-party key exchange protocol [J]. Information Sciences, 2008, 178(1): 220-229.
3 Guo H, Li Z J, Mu Y, et al. Cryptanalysis of simple three-party key exchange protocol [J]. Computers and Security, 2008, 27(1-2): 16-21.
4 Nam J Y, Paik J Y, Kang H K, et al. An off-line dictionary attack on a simple three-party key exchange protocol [J]. IEEE Communications Letters, 2009, 13(3): 205-207.
5 Phan R C-W, Yau W C, Goi B M. Cryptanalysis of simple three-party key exchange protocol (S-3PAKE) [J]. Information Sciences, 2008, 178(13): 2849-2856.
6 Ding Y, Horster P. Undetectable on-line password guessing attacks [J]. ACM SIGOPS Operating Systems Review, 1995, 29(4): 77-86.
7 Chien Hung-yu, Laih Chi-sung. ECC-based lightweight authentication protocol with untraceability for low-cost RFID [J]. Journal of Parallel and Distributed Computing, 2009, 69(10): 848-853.
8 Lin S, Costello D J. Error control coding: Fundamentals and applications [M]. New Jersey: Prentice-Hall Press, 1983.
