Cryptanalysis of a simple three-party password-based key exchange protocol

Authors:
Eun-Jun Yoon;Kee-Young Yoo
Affiliations:
School of Electrical Engineering and Computer Science, Kyungpook National University, 1370 Sankyuk-Dong, Buk-Gu, Daegu 702-701, South Korea;Department of Computer Engineering, Kyungpook National University, 1370 Sankyuk-Dong, Buk-Gu, Daegu 702-701, South Korea
Venue:
International Journal of Communication Systems
Year:
2011

Citing 0
Cited 3

Cryptanalysis of a dynamic ID-based remote user authentication with key agreement scheme

International Journal of Communication Systems
Cryptanalysis of an efficient three-party password-based key exchange scheme

International Journal of Communication Systems
An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics

Expert Systems with Applications: An International Journal

Quantified Score

Hi-index	0.00

Visualization

Abstract

In order to secure communications between two clients with a trusted server's help in public network environments, a three-party authenticated key exchange (3PAKE) protocol is used to provide the transaction confidentiality and the efficiency. In 2009, Huang proposed a simple three-party password-based authenticated key exchange (HS-3PAKE) protocol without any server's public key. By analysis, Huang claimed that the proposed HS-3PAKE protocol is not only secure against various attacks, but also more efficient than previously proposed 3PAKE protocols. However, this paper demonstrates that HS-3PAKE protocol is vulnerable to undetectable online password guessing attacks and off-line password guessing attacks by any other user. Copyright © 2010 John Wiley & Sons, Ltd.