Key Agreement Protocols and Their Security Analysis
Proceedings of the 6th IMA International Conference on Cryptography and Coding
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Three weaknesses in a simple three-party key exchange protocol
Information Sciences: an International Journal
Cryptanalysis of simple three-party key exchange protocol (S-3PAKE)
Information Sciences: an International Journal
Efficient and Strongly Secure Password-Based Server Aided Key Exchange (Extended Abstract)
INDOCRYPT '08 Proceedings of the 9th International Conference on Cryptology in India: Progress in Cryptology
Journal of Systems and Software
An off-line dictionary attack on a simple three-party key exchange protocol
IEEE Communications Letters
Cryptanalysis of a Three-Party Authenticated Key Exchange Protocol Using Elliptic Curve Cryptography
ICRCCS '09 Proceedings of the 2009 International Conference on Research Challenges in Computer Science
Authenticated key exchange secure against dictionary attacks
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
A framework for password-based authenticated key exchange
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
A communication-efficient three-party password authenticated key exchange protocol
Information Sciences: an International Journal
Cryptanalysis of a simple three-party password-based key exchange protocol
International Journal of Communication Systems
Efficient three-party password-based key exchange scheme
International Journal of Communication Systems
Simple password-based encrypted key exchange protocols
CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
New directions in cryptography
IEEE Transactions on Information Theory
Hi-index | 0.00 |
Three-party password-authenticated key exchange (3PAKE) protocols allow entities to negotiate a secret session key with the aid of a trusted server with whom they share a human-memorable password. Recently, Lou and Huang proposed a simple 3PAKE protocol based on elliptic curve cryptography, which is claimed to be secure and to provide superior efficiency when compared with similar-purpose solutions. In this paper, however, we show that the solution is vulnerable to key-compromise impersonation and offline password guessing attacks from system insiders or outsiders, which indicates that the empirical approach used to evaluate the scheme's security is flawed. These results highlight the need of employing provable security approaches when designing and analyzing PAKE schemes. Copyright © 2011 John Wiley & Sons, Ltd.