Recently, Tzung-Her Chen, Wei-Bin Lee, and Hsing-Bai Chen (CLC) proposed a new three-party password-based authenticated key exchange (3PAKE) protocol. The CLC protocol need not store a security-sensitive table on the server side, which reduces the danger of the server being compromised; it also has advantages in round efficiency and computational cost. However, we find that leakage of the values VA and VB in the CLC protocol makes a man-in-the-middle attack feasible in practice. On the basis of this finding, we present a modified 3PAKE protocol called the I-CLC protocol, which is essentially an improved CLC protocol. I-CLC can resist the available attacks, including the man-in-the-middle attack on the original CLC protocol that we describe. The new protocol also allows participants to choose their own passwords, and the computation cost of I-CLC is lower than that of the CLC protocol. Copyright © 2011 John Wiley & Sons, Ltd.