Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Entity authentication and key distribution
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Refinement and extension of encrypted key exchange
ACM SIGOPS Operating Systems Review
Undetectable on-line password guessing attacks
ACM SIGOPS Operating Systems Review
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Encrypted key exchange: password-based protocols secure against dictionary attacks
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Cryptanalysis of tripartite and multi-party authenticated key agreement protocols
Information Sciences: an International Journal
Security weakness in a three-party pairing-based protocol for password authenticated key exchange
Information Sciences: an International Journal
EC2C-PAKA: An efficient client-to-client password-authenticated key agreement
Information Sciences: an International Journal
Information Sciences: an International Journal
Three weaknesses in a simple three-party key exchange protocol
Information Sciences: an International Journal
A communication-efficient three-party password authenticated key exchange protocol
Information Sciences: an International Journal
Privacy preservation with X.509 standard certificates
Information Sciences: an International Journal
Provably secure three-party password-based authenticated key exchange protocol
Information Sciences: an International Journal
Two-server password-only authenticated key exchange
Journal of Computer and System Sciences
Simple password-based encrypted key exchange protocols
CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
New directions in cryptography
IEEE Transactions on Information Theory
Provably secure threshold public-key encryption with adaptive security and short ciphertexts
Information Sciences: an International Journal
Efficient and dynamic key management for multiple identities in identity-based systems
Information Sciences: an International Journal
Journal of Computer and System Sciences
In 2007, Lu and Cao proposed a simple three-party password-based authenticated key exchange protocol (S-3PEKE) based on the chosen-basis computational Diffie-Hellman assumption. Although the authors claimed that their protocol was superior to comparable protocols in both security and efficiency, Chung and Ku later showed that S-3PEKE is vulnerable to an impersonation-of-initiator attack, an impersonation-of-responder attack, and a man-in-the-middle attack, and proposed a countermeasure, with a formal proof, to remedy these flaws. Unfortunately, we have determined that Chung and Ku's protocol cannot withstand an off-line password-guessing attack, in which an adversary uses a recorded protocol transcript to test candidate passwords without further interaction with any party, so the low entropy of a human-chosen password offers no protection. In this paper, we briefly review Chung and Ku's protocol, demonstrate its weakness, and propose an enhanced version that is provably secure in the three-party setting.
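To make the attack class named in the abstract concrete, here is an added illustration in Python. It is not code from the paper and it is not Chung and Ku's protocol or the enhanced version described above: the exchange, the identities, the toy Diffie-Hellman parameters and the word list are all constructed here. The deliberately naive scheme has the server authenticate to client A with an HMAC keyed by a hash of A's password over values that travel in the clear, which is exactly the kind of password-verifiable value a PAKE must never expose. An eavesdropper who records one run can then test every dictionary entry off-line, with no message sent to any party and hence nothing a lockout or rate limit could count.

```python
"""Off-line password-guessing attack against a constructed, deliberately
naive three-party exchange. Added illustration only: this is not the
protocol analysed in the paper."""
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Tuple

# Toy Diffie-Hellman parameters chosen for brevity (assumption for this
# example; a real protocol uses a standard 2048-bit+ MODP or an EC group).
P = 2**61 - 1
G = 2

# Constructed word list standing in for an attacker's dictionary.
WORDLIST = ["password", "letmein", "qwerty", "correct horse", "admin123", "hunter2"]


def password_key(pw: str) -> bytes:
    """The naive scheme derives the MAC key directly from the password."""
    return hashlib.sha256(pw.encode()).digest()


def authenticator(pw: str, a_id: str, b_id: str, gx: int, gy: int) -> bytes:
    """Server-to-client authenticator: an HMAC keyed by the password hash
    over identities and DH public values, all of which appear on the wire.
    This is the flaw: (gx, gy, tag) lets anyone check a candidate password."""
    msg = f"{a_id}|{b_id}|{gx}|{gy}".encode()
    return hmac.new(password_key(pw), msg, hashlib.sha256).digest()


def run_naive_exchange(pw_a: str, a_id: str = "alice", b_id: str = "bob") -> Dict:
    """Simulate one run and return what an eavesdropper on the A<->S link
    sees: both identities, both DH public values and the server's tag."""
    x = secrets.randbelow(P - 2) + 1
    y = secrets.randbelow(P - 2) + 1
    gx = pow(G, x, P)                                 # A -> S
    gy = pow(G, y, P)                                 # B -> S, relayed to A
    tag = authenticator(pw_a, a_id, b_id, gx, gy)     # S -> A
    return {"a": a_id, "b": b_id, "gx": gx, "gy": gy, "tag": tag}


def offline_guess(transcript: Dict, wordlist: List[str]) -> Tuple[Optional[str], int]:
    """Dictionary attack on a recorded transcript. No network traffic is
    generated, so no party can observe or throttle the attempts.
    Returns (recovered password or None, number of candidates tested)."""
    tried = 0
    for cand in wordlist:
        tried += 1
        guess = authenticator(cand, transcript["a"], transcript["b"],
                              transcript["gx"], transcript["gy"])
        if hmac.compare_digest(guess, transcript["tag"]):
            return cand, tried
    return None, tried


if __name__ == "__main__":
    captured = run_naive_exchange("correct horse")
    print(offline_guess(captured, WORDLIST))  # ('correct horse', 4)
```

The design goal that this toy scheme violates, and that the paper's "provably secure in the three-party setting" claim is about, is that a transcript must be consistent with every candidate password, so that the only way to test a guess is an on-line run with a live party, where each attempt can be detected and limited.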