Security Analysis and Improvements of Three-Party Password-Based Authenticated Key Exchange Protocol
作者: Qingping Wang , Ou Ruan , Zihao Wang
DOI: 10.1007/978-3-319-59463-7_49
关键词: Public-key cryptography 、 Security association 、 Password 、 Internet Security Association and Key Management Protocol 、 Session key 、 Authenticated Key Exchange 、 Oakley protocol 、 Computer science 、 Protocol (object-oriented programming) 、 Computer security
摘要: Three-party password-based authenticated key exchange (3PAKE) protocol allows two clients, each sharing a password with trusted server, to establish secret session the help of server. It is practical mechanism for establishing secure channels in communication networks. Recently, Xu et al. proposed 3PAKE without server’s public key. They claimed that their could withstand various attacks. In this paper, we show al.’s insecure against stolen-verifier attack. Furthermore, propose an improved overcome weakness protocol. Security and performance analysis shows our not only overcomes security weakness, but also more efficient. Therefore, suitable applications.
springer.com
sci-hub.st 参考文章(24)
Ruhul Amin, G. P. Biswas, Cryptanalysis and Design of a Three-Party Authenticated Key Exchange Protocol Using Smart Card Arabian Journal for Science and Engineering. ,vol. 40, pp. 3135- 3149 ,(2015) , 10.1007/S13369-015-1743-5
Ou Ruan, Neeraj Kumar, Debiao He, Jong-Hyouk Lee, Efficient provably secure password-based explicit authenticated key agreement Pervasive and Mobile Computing. ,vol. 24, pp. 50- 60 ,(2015) , 10.1016/J.PMCJ.2015.06.008
Sung-Woon Lee, Woo-Hun Kim, Hyun-Sung Kim, Kee-Young Yoo, Efficient Password-Based Authenticated Key Agreement Protocol international conference on computational science and its applications. pp. 617- 626 ,(2004) , 10.1007/978-3-540-24768-5_66
Mohammad Sabzinejad Farash, SK Hafizul Islam, Mohammad S. Obaidat, A provably secure and efficient two-party password-based explicit authenticated key exchange protocol resistance to password guessing attacks Concurrency and Computation: Practice and Experience. ,vol. 27, pp. 4897- 4913 ,(2015) , 10.1002/CPE.3477
Hung-Min Sun, Bing-Chang Chen, Tzonelih Hwang, Secure key agreement protocols for three-party against guessing attacks Journal of Systems and Software. ,vol. 75, pp. 63- 68 ,(2005) , 10.1016/J.JSS.2003.11.017
Chun-Li Lin, Hung-Min Sun, Tzonelih Hwang, Three-party encrypted key exchange ACM SIGOPS Operating Systems Review. ,vol. 34, pp. 12- 20 ,(2000) , 10.1145/506106.506108
SK Hafizul Islam, Design and analysis of a three party password-based authenticated key exchange protocol using extended chaotic maps Information Sciences. ,vol. 312, pp. 104- 130 ,(2015) , 10.1016/J.INS.2015.03.050
Qi Xie, Na Dong, Xiao Tan, Duncan S. Wong, Guilin Wang, Improvement of a Three-Party Password-Based Key Exchange Protocol with Formal Verification international test conference. ,vol. 42, pp. 231- 237 ,(2013) , 10.5755/J01.ITC.42.3.1905
Tian-Fu Lee, Tzonelih Hwang, Chun-Li Lin, Enhanced three-party encrypted key exchange without server public keys Computers & Security. ,vol. 23, pp. 571- 577 ,(2004) , 10.1016/J.COSE.2004.06.007
Yun Ding, Patrick Horster, Undetectable on-line password guessing attacks Operating Systems Review. ,vol. 29, pp. 77- 86 ,(1995) , 10.1145/219282.219298