Security enhancement for a three-party encrypted key exchange protocol against undetectable on-line password guessing attacks

Authors:
Hsing-Bai Chen;Tzung-Her Chen;Wei-Bin Lee;Chin-Chen Chang
Affiliations:
Department of Information Engineering and Computer Science, Feng Chia University, Taiwan, ROC;Department of Computer Science and Information Engineering, National Chiayi University, Taiwan, ROC;Department of Information Engineering and Computer Science, Feng Chia University, Taiwan, ROC;Department of Information Engineering and Computer Science, Feng Chia University, Taiwan, ROC
Venue:
Computer Standards & Interfaces
Year:
2008

Citing 10
Cited 4

Refinement and extension of encrypted key exchange

ACM SIGOPS Operating Systems Review
Undetectable on-line password guessing attacks

ACM SIGOPS Operating Systems Review
Three-party encrypted key exchange: attacks and a solution

ACM SIGOPS Operating Systems Review
KryptoKnight Authentication and Key Distribution System

ESORICS '92 Proceedings of the Second European Symposium on Research in Computer Security
Many-to-One Trapdoor Functions and Their Ralation to Public-Key Cryptosystems

CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks

SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Secure key agreement protocols for three-party against guessing attacks

Journal of Systems and Software - Special issue: Software engineering education and training
Attack on the Sun-Chen-Hwang's Three-Party Key Agreement Protocols Using Passwords*This research was supported by the University IT Research Center Project funded by the Korean Ministry of Information and Communication.

IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
New directions in cryptography

IEEE Transactions on Information Theory
Kerberos: an authentication service for computer networks

IEEE Communications Magazine

Cryptanalysis of two three-party encrypted key exchange protocols

Computer Standards & Interfaces
A communication-efficient three-party password authenticated key exchange protocol

Information Sciences: an International Journal
Cryptanalysis of a communication-efficient three-party password authenticated key exchange protocol

Information Sciences: an International Journal
An undetectable on-line password guessing attack on Nam et al.'s three-party key exchange protocol

Journal of Computational Methods in Sciences and Engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

In 1995, a potential attack, called undetectable on-line password guessing attack, on three-party encrypted key exchange (3PEKE) protocol is highlighted by Ding and Horster. Since then, this attack has been one of the main concerns for developing a secure 3 PEKE protocol. Recently, Chang and Chang proposed a password-based three-party encrypted key exchange protocol that simultaneously possesses round and computation efficiencies. However, this paper shows that their protocol is potentially vulnerable toward undetectable on-line password guessing attacks. As their protocol is currently one of the most superior of all 3PEKE approaches; it seems worthwhile and valuable to remedy this potential security problem.