Impersonating the Server on Simple three Party Key Exchange Protocol
نویسنده
چکیده
The Password-authenticated key exchange (PAKE) protocols allow parties to share secret keys in an authentic manner based on an easily memorizable password. On the other hand, the protocol should resist all types of password guessing attacks, since the password is of low entropy. Recently Lu Cao proposed a simple three-party password based authenticated key exchange (S-3 PAKE) protocol and claimed that it can resist various attacks. Unlike their claims Phan et al., presented an Undetectable online dictionary attack on the above protocol. In the present paper, impersonation of the server is demonstrated on S-3PAKE protocol using the Undetectable online dictionary attack proposed by Phan et al.
منابع مشابه
Efficient Three-Party Authentication and Key Agreement Protocols Resistant to Password Guessing Attacks
Three-party EKE was proposed to establish a session key between two clients through a server. However, three-party EKE is insecure against undetectable on-line and off-line password guessing attacks. In this paper, we first propose an enhanced three-party EKE to withstand the security risk in three-party EKE. We also propose a verifier-based three-party EKE that is more secure than a plaintext-...
متن کاملAtLast: Another Three-party Lattice-based PAKE Scheme
Password-based Authenticated Key Exchange (PAKE) protocol assumes that the parties share a low-entropy, easy-to-remember password to achieve the authentication with a high-entropy session key. PAKE protocols can be employed to hand-held devices for access control of sensitive personal data remotely. For communication with more than one user, the user needs to remember all passwords between othe...
متن کاملThree-Party Password-Based Authenticated Key Establishment Protocol Resisting Detectable On-Line Attacks
Three-party password-based authenticated key establishment (three-party PAKE) protocols, which enables two clients to authenticate each other and build a session key with the help of an on-line server, has received much attention in recent years. Until now, designing a secure three-party PAKE protocol resisting detectable on-line password guessing attacks is still a challenging problem. To prev...
متن کاملImproving Security of A Communication-efficient Three-party Password Authentication Key Exchange Protocol
Three-party Password-based Authentication Key Exchange (3PAKE) allows a trusted server to assist two users to establish a common session key. Recently, Wu et al. pointed out that Chang et al.’s 3PAKE was vulnerable to the off-line guessing attack and proposed an improved 3PAKE to fix the problem. However, we found that Wu et al.’s protocol is still subject to the off-line guessing attack. In ad...
متن کاملOn the Security of a Chaotic Maps-based Three-party Authenticated Key Agreement Protocol
Chaotic map has been receiving increasing attention in the cryptographic literature. There are various scholars working on a particular type of authenticated key exchange protocol using chaotic map in the recent years. Very recently, Li et al. proposed a new three-party-authenticated key agreement protocol based on chaotic maps without storing a password table in a server. Compared with previou...
متن کامل