Cryptanalysis of simple three-party key exchange protocol |
| |
| Authors: | Hua Guo Zhoujun Li Yi Mu Xiyong Zhang |
| |
| Affiliation: | aSchool of Computer Science & Engineering, Beihang University, 37 Xueyuan Road, Beijing 100083, People's Republic of China;bCentre for Computer and Information Security Research, School of Computer Science Software Engineering, University of Wollongong, NSW 2522, Australia;cDepartment of Applied Mathematics, Information Engineering University Zhengzhou 450002, People's Republic of China |
| |
| Abstract: | ![]()
Recently, Lu and Cao published a novel protocol for password-based authenticated key exchanges (PAKE) in a three-party setting in Journal of Computers and Security, where two clients, each shares a human-memorable password with a trusted server, can construct a secure session key. They argued that their simple three-party PAKE (3-PAKE) protocol can resist against various known attacks. In this paper, we show that this protocol is vulnerable to a kind of man-in-the-middle attack that exploits an authentication flaw in their protocol and is subject to the undetectable on-line dictionary attack. We also conduct a detailed analysis on the flaws in the protocol and provide an improved protocol. |
| |
| Keywords: | Password-authenticated key exchange Cryptanalysis Security Dictionary attack Man-in-the-middle attack |
| 本文献已被 ScienceDirect 等数据库收录! |
|
