Enhanced password-based simple three-party key exchange protocol

Hyun Seok Kim, Jin Young Choi

    Research output: Contribution to journalArticlepeer-review

    54 Citations (Scopus)

    Abstract

    Recently, Lu and Cao proposed a simple three-party password-based key exchange (STPKE) protocol based on the CCDH assumption. They claimed that their protocol is secure, efficient, and practical. In this paper, unlike their claims, we find that the STPKE protocol is still vulnerable to undetectable on-line password guessing attacks by using formal description, BPR model. These weakness is due to the fact that the messages of the communicants are not appropriately encrypted into the exchanged cryptographic messages. To enhance the security of the STPKE protocol, we suggest a countermeasure to resist our described attacks while the merits of the original protocol are left unchanged.

    Original languageEnglish
    Pages (from-to)107-114
    Number of pages8
    JournalComputers and Electrical Engineering
    Volume35
    Issue number1
    DOIs
    Publication statusPublished - 2009 Jan

    Keywords

    • BPR model
    • Password-based key exchange protocol
    • Undetectable on-line guessing attack

    ASJC Scopus subject areas

    • Control and Systems Engineering
    • General Computer Science
    • Electrical and Electronic Engineering

    Fingerprint

    Dive into the research topics of 'Enhanced password-based simple three-party key exchange protocol'. Together they form a unique fingerprint.

    Cite this