Improving the novel three-party encrypted key exchange protocol

Authors:
Eun-Jun Yoon;Kee-Young Yoo
Affiliations:
Faculty of Computer Information, Daegu Polytechnic College, 42 Jinri-2gil (Manchon 3dong San395), Suseong-Gu, Daegu 706-711, South Korea;Department of Computer Engineering, Kyungpook National University, 1370, Sankyuk-Dong, Buk-Gu, Daegu 702-701, South Korea
Venue:
Computer Standards & Interfaces
Year:
2008

Citing 9
Cited 4

A hard-core predicate for all one-way functions

STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
Limits on the provable consequences of one-way permutations

STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
Refinement and extension of encrypted key exchange

ACM SIGOPS Operating Systems Review
Undetectable on-line password guessing attacks

ACM SIGOPS Operating Systems Review
Three-party encrypted key exchange: attacks and a solution

ACM SIGOPS Operating Systems Review
Handbook of Applied Cryptography

Handbook of Applied Cryptography
Many-to-One Trapdoor Functions and Their Ralation to Public-Key Cryptosystems

CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Secure key agreement protocols for three-party against guessing attacks

Journal of Systems and Software - Special issue: Software engineering education and training
Protecting poorly chosen secrets from guessing attacks

IEEE Journal on Selected Areas in Communications

Cryptanalysis of two three-party encrypted key exchange protocols

Computer Standards & Interfaces
An novel three-party authenticated key exchange protocol using one-time key

Journal of Network and Computer Applications
Two ID-based authenticated schemes with key agreement for mobile environments

The Journal of Supercomputing
An undetectable on-line password guessing attack on Nam et al.'s three-party key exchange protocol

Journal of Computational Methods in Sciences and Engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

In 2004, Chang and Chang proposed a three-party encrypted key exchange (ECC-3PEKE) protocol without using the server's public keys. They claimed that their proposed ECC-3PEKE protocol is secure, efficient, and practical. Unlike their claims, the ECC-3PEKE protocol, however, is still susceptible to undetectable on-line password guessing attacks. Accordingly, the current paper demonstrates the vulnerability of Chang-Chang's ECC-3PEKE protocol regarding undetectable on-line password guessing attacks and than presents an enhancement to resolve such security problems.