Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Entity authentication and key distribution
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Undetectable on-line password guessing attacks
ACM SIGOPS Operating Systems Review
Provably secure session key distribution: the three party case
STOC '95 Proceedings of the twenty-seventh annual ACM symposium on Theory of computing
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Cryptanalysis of tripartite and multi-party authenticated key agreement protocols
Information Sciences: an International Journal
Security weakness in a three-party pairing-based protocol for password authenticated key exchange
Information Sciences: an International Journal
EC2C-PAKA: An efficient client-to-client password-authenticated key agreement
Information Sciences: an International Journal
A new method for using hash functions to solve remote user authentication
Computers and Electrical Engineering
The importance of proofs of security for key establishment protocols
Computer Communications
Password authenticated key exchange protocols among diverse network domains
Computers and Electrical Engineering
Simple authenticated key agreement and protected password change protocol
Computers & Mathematics with Applications
Authenticated key exchange secure against dictionary attacks
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Simple password-based encrypted key exchange protocols
CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
Simple password-based three-party authenticated key exchange without server public keys
Information Sciences: an International Journal
A communication-efficient three-party password authenticated key exchange protocol
Information Sciences: an International Journal
Three-party password-based authenticated key exchange protocol based on bilinear pairings
ICICA'10 Proceedings of the First international conference on Information computing and applications
Provably secure three-party password-based authenticated key exchange protocol
Information Sciences: an International Journal
Cryptanalysis of a communication-efficient three-party password authenticated key exchange protocol
Information Sciences: an International Journal
An novel three-party authenticated key exchange protocol using one-time key
Journal of Network and Computer Applications
The Journal of Supercomputing
| Hi-index | 0.00 |
Recently, Lu and Cao proposed a simple three-party password-based key exchange (STPKE) protocol based on the CCDH assumption. They claimed that their protocol is secure, efficient, and practical. In this paper, unlike their claims, we find that the STPKE protocol is still vulnerable to undetectable on-line password guessing attacks by using formal description, BPR model. These weakness is due to the fact that the messages of the communicants are not appropriately encrypted into the exchanged cryptographic messages. To enhance the security of the STPKE protocol, we suggest a countermeasure to resist our described attacks while the merits of the original protocol are left unchanged.