Refinement and extension of encrypted key exchange
ACM SIGOPS Operating Systems Review
Undetectable on-line password guessing attacks
ACM SIGOPS Operating Systems Review
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Secure key agreement protocols for three-party against guessing attacks
Journal of Systems and Software - Special issue: Software engineering education and training
Computer Standards & Interfaces
Improving the novel three-party encrypted key exchange protocol
Computer Standards & Interfaces
An off-line dictionary attack on a simple three-party key exchange protocol
IEEE Communications Letters
A communication-efficient three-party password authenticated key exchange protocol
Information Sciences: an International Journal
Hi-index | 0.00 |
Three-party key exchange protocol is one of the most essential cryptographic technique in the secure communication areas. In this protocol, two clients, each shares a human-memorable password, working with a trusted server, can agree a secure session key. Recently, Lu and Cao proposed a new simple three-party key exchange S-3PAKE protocol and claimed that it is not only very simple and efficient, but also can survive against various known attacks. However, Nam et al. pointed out that S-3PAKE is vulnerable to both off-line password guessing attack and undetectable on-line password guessing attack. Based on their finding, Nam et al. proposed an improved method to resolve this weakness. They further claimed that so far no off-line password guessing attack has been successful against their proposed protocol. In this paper, we demonstrate that Nam et al.'s improved protocol, unfortunately, is still vulnerable to an undetectable on-line password guessing attack. We therefore propose a simple and powerful method to address this issue. Which results in an improved three-party key exchange protocol that can protect against an undetectable on-line password guessing attack.