Finding and fixing vulnerabilities in several three-party password authenticated key exchange protocols without server public keys

Authors:
Hu Xiong;Yanan Chen;Zhi Guan;Zhong Chen
Affiliations:
School of Computer Science and Engineering, The University of Electronic Science and Technology of China, Chengdu, PR China and Institute of Software, School of Electronics Engineering and Compute ...;State Key Laboratory of Rail Traffic Control and Safety, Beijing Jiao Tong University, Beijing, PR China;Institute of Software, School of Electronics Engineering and Computer Science, Peking University, Beijing, PR China;Institute of Software, School of Electronics Engineering and Computer Science, Peking University, Beijing, PR China
Venue:
Information Sciences: an International Journal
Year:
2013

Citing 15
Cited 0

Handbook of Applied Cryptography

Handbook of Applied Cryptography
Key Agreement Protocols and Their Security Analysis

Proceedings of the 6th IMA International Conference on Cryptography and Coding
Security weakness in a three-party pairing-based protocol for password authenticated key exchange

Information Sciences: an International Journal
Cryptanalysis of simple three-party key exchange protocol (S-3PAKE)

Information Sciences: an International Journal
A simple three-party password-based key exchange protocol

International Journal of Communication Systems
An efficient three-party authenticated key exchange protocol using elliptic curve cryptography for mobile-commerce environments

Journal of Systems and Software
Simple authenticated key agreement and protected password change protocol

Computers & Mathematics with Applications
Simple password-based three-party authenticated key exchange without server public keys

Information Sciences: an International Journal
A communication-efficient three-party password authenticated key exchange protocol

Information Sciences: an International Journal
Efficient three-party password-based key exchange scheme

International Journal of Communication Systems
Extended KCI attack against two-party key establishment protocols

Information Processing Letters
Provably secure three-party password-based authenticated key exchange protocol

Information Sciences: an International Journal
One-Time verifier-based encrypted key exchange

PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
New directions in cryptography

IEEE Transactions on Information Theory
Cryptanalysis of a communication-efficient three-party password authenticated key exchange protocol

Information Sciences: an International Journal

Quantified Score

Hi-index	0.07

Visualization

Abstract

Three-party password-based authenticated key exchange (3PAKE) protocols allow two users (clients) to establish a session key with the support from an authenticated server over an insecure channel. Several 3PAKE protocols, which do not require server public keys, have been proposed recently. In this paper, we use Chang et al.'s protocol as a case study and demonstrate that all of the 3PAKE protocols without server public keys are not secure against Key Compromise Impersonation (KCI) attack. A detailed analysis of flaw in these protocols has been conducted and we hope that by identifying this design flaw, similar structural mistakes can be avoided in future designs. Furthermore, we propose an improved protocol that remedies the weakness of these protocols and prove its security in a widely accepted model.