Enhanced password-based simple three-party key exchange protocol

Hyun Seok Kim; Jin Young Choi

doi:10.1016/j.compeleceng.2008.05.007

Enhanced password-based simple three-party key exchange protocol

Hyun Seok Kim, Jin Young Choi

School of Cybersecurity

Research output: Contribution to journal › Article › peer-review

53 Citations (Scopus)

Abstract

Recently, Lu and Cao proposed a simple three-party password-based key exchange (STPKE) protocol based on the CCDH assumption. They claimed that their protocol is secure, efficient, and practical. In this paper, unlike their claims, we find that the STPKE protocol is still vulnerable to undetectable on-line password guessing attacks by using formal description, BPR model. These weakness is due to the fact that the messages of the communicants are not appropriately encrypted into the exchanged cryptographic messages. To enhance the security of the STPKE protocol, we suggest a countermeasure to resist our described attacks while the merits of the original protocol are left unchanged.

Original language	English
Pages (from-to)	107-114
Number of pages	8
Journal	Computers and Electrical Engineering
Volume	35
Issue number	1
DOIs	https://doi.org/10.1016/j.compeleceng.2008.05.007
Publication status	Published - 2009 Jan

Keywords

BPR model
Password-based key exchange protocol
Undetectable on-line guessing attack

ASJC Scopus subject areas

Control and Systems Engineering
Computer Science(all)
Electrical and Electronic Engineering

Access to Document

10.1016/j.compeleceng.2008.05.007

Cite this

@article{8f2e7486d87e4ccbba31cad12d34fdb7,

title = "Enhanced password-based simple three-party key exchange protocol",

abstract = "Recently, Lu and Cao proposed a simple three-party password-based key exchange (STPKE) protocol based on the CCDH assumption. They claimed that their protocol is secure, efficient, and practical. In this paper, unlike their claims, we find that the STPKE protocol is still vulnerable to undetectable on-line password guessing attacks by using formal description, BPR model. These weakness is due to the fact that the messages of the communicants are not appropriately encrypted into the exchanged cryptographic messages. To enhance the security of the STPKE protocol, we suggest a countermeasure to resist our described attacks while the merits of the original protocol are left unchanged.",

keywords = "BPR model, Password-based key exchange protocol, Undetectable on-line guessing attack",

author = "Kim, {Hyun Seok} and Choi, {Jin Young}",

year = "2009",

month = jan,

doi = "10.1016/j.compeleceng.2008.05.007",

language = "English",

volume = "35",

pages = "107--114",

journal = "Computers and Electrical Engineering",

issn = "0045-7906",

publisher = "Elsevier Limited",

number = "1",

}

TY - JOUR

T1 - Enhanced password-based simple three-party key exchange protocol

AU - Kim, Hyun Seok

AU - Choi, Jin Young

PY - 2009/1

Y1 - 2009/1

N2 - Recently, Lu and Cao proposed a simple three-party password-based key exchange (STPKE) protocol based on the CCDH assumption. They claimed that their protocol is secure, efficient, and practical. In this paper, unlike their claims, we find that the STPKE protocol is still vulnerable to undetectable on-line password guessing attacks by using formal description, BPR model. These weakness is due to the fact that the messages of the communicants are not appropriately encrypted into the exchanged cryptographic messages. To enhance the security of the STPKE protocol, we suggest a countermeasure to resist our described attacks while the merits of the original protocol are left unchanged.

AB - Recently, Lu and Cao proposed a simple three-party password-based key exchange (STPKE) protocol based on the CCDH assumption. They claimed that their protocol is secure, efficient, and practical. In this paper, unlike their claims, we find that the STPKE protocol is still vulnerable to undetectable on-line password guessing attacks by using formal description, BPR model. These weakness is due to the fact that the messages of the communicants are not appropriately encrypted into the exchanged cryptographic messages. To enhance the security of the STPKE protocol, we suggest a countermeasure to resist our described attacks while the merits of the original protocol are left unchanged.

KW - BPR model

KW - Password-based key exchange protocol

KW - Undetectable on-line guessing attack

UR - http://www.scopus.com/inward/record.url?scp=58049215501&partnerID=8YFLogxK

U2 - 10.1016/j.compeleceng.2008.05.007

DO - 10.1016/j.compeleceng.2008.05.007

M3 - Article

AN - SCOPUS:58049215501

SN - 0045-7906

VL - 35

SP - 107

EP - 114

JO - Computers and Electrical Engineering

JF - Computers and Electrical Engineering

IS - 1

ER -

Enhanced password-based simple three-party key exchange protocol

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Cite this