Security analysis and enhancement for three-party password-based authenticated key exchange protocol

Authors:
Jianjie Zhao;Dawu Gu;Lei Zhang
Affiliations:
School of Information Security Engineering, Shanghai Jiao Tong University, Shanghai, 200240, China;Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai, 200240, China;Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai, 200240, China
Venue:
Security and Communication Networks
Year:
2012

Citing 12
Cited 0

Refinement and extension of encrypted key exchange

ACM SIGOPS Operating Systems Review
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks

SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Number theoretic attacks on secure password schemes

SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
A password authentication scheme over insecure networks

Journal of Computer and System Sciences
Obtaining a secure and efficient key agreement protocol from (H)MQV and NAXOS

Designs, Codes and Cryptography
A round- and computation-efficient three-party authenticated key exchange protocol

Journal of Systems and Software
Forward secrecy in password-only key exchange protocols

SCN'02 Proceedings of the 3rd international conference on Security in communication networks
Authenticated key exchange and key encapsulation in the standard model

ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
Efficient two-party password-based key exchange protocols in the UC framework

CT-RSA'08 Proceedings of the 2008 The Cryptopgraphers' Track at the RSA conference on Topics in cryptology
HMQV: a high-performance secure diffie-hellman protocol

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
One-Round protocol for two-party verifier-based password-authenticated key exchange

CMS'06 Proceedings of the 10th IFIP TC-6 TC-11 international conference on Communications and Multimedia Security
Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards

IEEE Transactions on Consumer Electronics

Quantified Score

Hi-index	0.00

Visualization

Abstract

Recently, Tzung-Her Chen, Wei-Bin Lee, and Hsing-Bai Chen (CLC) proposed a new three-party password-based authenticated key exchange (3PAKE) protocol. This CLC protocol needs not store the security-sensitive table on the server side, which reduces the danger of the server being compromised; also, it has the advantage in terms of the round efficiency and computational cost. However, we find that the leakage of values VA and VB in the CLC protocol will make a man-in-the-middle attack feasible in practice. On the basis of this finding, we present a modified 3PAKE protocol called I-CLC protocol, which is essentially an improved CLC protocol. I-CLC can resist attacks available, including the man-in-the-middle attack that we mentioned on the initial CLC protocol. Meanwhile, the new protocol allows that the participants choose their own passwords by themselves; additionally, the computation cost of I-CLC is lower than that of CLC protocol. Copyright © 2011 John Wiley & Sons, Ltd.