Handbook of Applied Cryptography
Handbook of Applied Cryptography
Key Agreement Protocols and Their Security Analysis
Proceedings of the 6th IMA International Conference on Cryptography and Coding
Security weakness in a three-party pairing-based protocol for password authenticated key exchange
Information Sciences: an International Journal
Cryptanalysis of simple three-party key exchange protocol (S-3PAKE)
Information Sciences: an International Journal
A simple three-party password-based key exchange protocol
International Journal of Communication Systems
Journal of Systems and Software
Simple authenticated key agreement and protected password change protocol
Computers & Mathematics with Applications
Simple password-based three-party authenticated key exchange without server public keys
Information Sciences: an International Journal
A communication-efficient three-party password authenticated key exchange protocol
Information Sciences: an International Journal
Efficient three-party password-based key exchange scheme
International Journal of Communication Systems
Extended KCI attack against two-party key establishment protocols
Information Processing Letters
Provably secure three-party password-based authenticated key exchange protocol
Information Sciences: an International Journal
One-Time verifier-based encrypted key exchange
PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
New directions in cryptography
IEEE Transactions on Information Theory
Cryptanalysis of a communication-efficient three-party password authenticated key exchange protocol
Information Sciences: an International Journal
Hi-index | 0.07 |
Three-party password-based authenticated key exchange (3PAKE) protocols allow two users (clients) to establish a session key with the support from an authenticated server over an insecure channel. Several 3PAKE protocols, which do not require server public keys, have been proposed recently. In this paper, we use Chang et al.'s protocol as a case study and demonstrate that all of the 3PAKE protocols without server public keys are not secure against Key Compromise Impersonation (KCI) attack. A detailed analysis of flaw in these protocols has been conducted and we hope that by identifying this design flaw, similar structural mistakes can be avoided in future designs. Furthermore, we propose an improved protocol that remedies the weakness of these protocols and prove its security in a widely accepted model.