Cryptanalysis of simple three-party key exchange protocol

Cryptanalysis of a Three-party Password-based Authenticated Key Exchange Protocol

Key exchange protocols allow two or more parties communicating over a public network to establish a common secret key called a session key. Due to their significance in building a secure communication channel, a number of key exchange protocols have been suggested over the years for a variety of settings. Recently, Lo et al. proposed a three-party password-based authenticated key exchange (3PAKE) protocol, where two users, each of whom shares a human-memorable password with a server, can generate a session key for future communication with the help of the server. They claimed that their scheme could resist various attacks. However, this work shows that Lo et al.'s protocol is vulnerable to an off-line password guessing attack. The analysis shows that Lo et al.'s protocol is not suitable for practical applications.

Efficient Password-Authenticated Key Exchange for Three-Party Secure Against Undetectable On-Line Dictionary Attacks

Lecture Notes in Computer Science, 2006

There has been much interest in password-authenticated key-exchange protocols which remain secure even when users choose passwords from a very small space of possible passwords (say, a dictionary of English words). Under this assumption, one must be careful to design protocols which cannot be broken using off-line dictionary attacks in which an adversary enumerates all possible passwords in an attempt to determine the correct one. Many heuristic protocols have been proposed to solve this important problem. Only recently have formal validations of security (namely, proofs in the idealized random oracle and ideal cipher models) been given for specific constructions [3, 10, 22]. Very recently, a construction based on general assumptions, secure in the standard model with human-memorable passwords, has been proposed by Goldreich and Lindell [17]. Their protocol requires no public parameters; unfortunately, it requires techniques from general multi-party computation which make it impractical. Thus, [17] only proves that solutions are possible "in principle". The main question left open by their work was finding an efficient solution to this fundamental problem. We show an efficient, 3-round, password-authenticated key exchange protocol with human-memorable passwords which is provably secure under the Decisional Diffie-Hellman assumption, yet requires only roughly 8 times more computation than "standard" Diffie-Hellman key exchange [14] (which provides no authentication at all). We assume public parameters available to all parties. We stress that we work in the standard model only, and do not require a "random oracle" assumption.

exchange underlie most interactions taking place on the Internet. The importance of this primitive has been realized for some time by the security community (see [11] for exhaustive references), followed by an increasing recognition that precise definitions and formalization were needed.
The first formal treatments [4, 6, 2, 20, 9, 28, 11] were in a model in which participants already share some cryptographically-strong information: either a secret key which can be used for encryption/authentication of messages, or a public key which can be used for encryption/signing of messages. The setting arising most often in practice, in which human users are only capable of storing "human-memorable" passwords (password-authenticated key exchange), remains much less studied, though many heuristic protocols exist. Indeed, only recently have formal definitions of security for this setting appeared [3, 10, 22, 17].

Cryptanalysis of simple three-party key exchange protocol (S-3PAKE)

2008

Password-authenticated key exchange (PAKE) protocols allow parties to share secret keys in an authentic manner based on an easily memorizable password. Recently, Lu and Cao proposed a three-party password-authenticated key exchange protocol, so-called S-3PAKE, based on ideas of the Abdalla and Pointcheval two-party SPAKE extended to three parties. S-3PAKE can be seen to have a structure alternative to that of another three-party PAKE protocol (3PAKE) by Abdalla and Pointcheval.

On the security of a password-only authenticated three-party key exchange protocol

This note reports major previously unpublished security vulnerabilities in the password-only authenticated three-party key exchange protocol due to Lee and Hwang (Information Sciences, 180, 1702-1714, 2010): (1) the Lee-Hwang protocol is susceptible to a man-in-the-middle attack and thus fails to achieve implicit key authentication; (2) the protocol cannot protect clients' passwords against an offline dictionary attack; and (3) the indistinguishability-based security of the protocol can be easily broken even in the presence of a passive adversary.

Cryptanalysis of an efficient three-party password-based key exchange scheme

2012

Three-party password-authenticated key exchange (3PAKE) protocols allow entities to negotiate a secret session key with the aid of a trusted server with whom they share a human-memorable password. Recently, Lou and Huang proposed a simple 3PAKE protocol based on elliptic curve cryptography, which is claimed to be secure and to provide superior efficiency when compared with similar-purpose solutions. In this paper, however, we show that the solution is vulnerable to key-compromise impersonation and offline password guessing attacks from system insiders or outsiders, which indicates that the empirical approach used to evaluate the scheme's security is flawed. These results highlight the need for employing provable security approaches when designing and analyzing PAKE schemes.

An Enhanced and Secure Three-Party Password-based Authenticated Key Exchange Protocol without Using Server’s Public-Keys and Symmetric Cryptosystems

Password-based authenticated key exchange protocols are a type of authenticated key exchange protocol which enables two or more communication entities, who only share weak, low-entropy and easily memorable passwords, to authenticate each other and establish a high-entropy secret session key. In 2012, Tallapally proposed an enhanced three-party password-based authenticated key exchange protocol to overcome the weaknesses of Huang's scheme. However, in this paper, we indicate that Tallapally's scheme is not only still vulnerable to undetectable online password guessing attacks, but is also insecure against off-line password guessing attacks. Therefore, we propose a more secure and efficient scheme to overcome the security flaws.

On the security of a simple three-party key exchange protocol without server's public keys

The Scientific World Journal, 2014

Authenticated key exchange protocols are of fundamental importance in securing communications and are now extensively deployed for use in various real-world network applications. In this work, we reveal major previously unpublished security vulnerabilities in the password-based authenticated three-party key exchange protocol according to Lee and Hwang (2010): (1) the Lee-Hwang protocol is susceptible to a man-in-the-middle attack and thus fails to achieve implicit key authentication; (2) the protocol cannot protect clients' passwords against an offline dictionary attack; and (3) the indistinguishability-based security of the protocol can be easily broken even in the presence of a passive adversary. We also propose an improved password-based authenticated three-party key exchange protocol that addresses the security vulnerabilities identified in the Lee-Hwang protocol.

Efficient Three Party Key Exchange Protocol

Bulletin of Electrical Engineering and Informatics, 2012

Key exchange protocols allow two or more parties communicating over a public network to establish a common secret key called a session key. In 1976, Diffie and Hellman proposed the first practical key exchange (DH key exchange) protocol. In 2005, Abdalla and Pointcheval suggested a new variation of the computational DH assumption called chosen-based computational Diffie-Hellman (CCDH) and presented simple password-based authenticated key exchange protocols. Since then, several three-party password-authenticated key agreement protocols have been proposed. In 2007, Lu and Cao proposed a simple three-party authenticated key exchange (S-3PAKE) protocol. Kim and Koi found that this protocol cannot resist undetectable online password guessing attacks and gave a fixed STPKE' protocol as a countermeasure using the exclusive-or operation. Recently, Tallapally and Padmavathy found that STPKE' is still vulnerable to undetectable online password guessing attacks and gave a modified STPKE' protocol. Unfortunately, we find that, although the modified STPKE' protocol can resist undetectable online password guessing attacks, it is vulnerable to man-in-the-middle attacks. Also, we propose and analyze an efficient protocol against all the known attacks.

Security weakness in a three-party pairing-based protocol for password authenticated key exchange

Information Sciences, 2007

Authentication and key exchange are fundamental for establishing secure communication channels over public insecure networks. Password-based protocols for authenticated key exchange are designed to work even when user authentication is done via the use of passwords drawn from a small known set of values. Recently, Wen et al. (H.-A. Wen, T.-F. Lee, T. Hwang, Provably secure three-party password-based authenticated key exchange protocol using Weil pairing, IEE Proceedings-Communications 152) proposed a new protocol for password-based authenticated key exchange in the three-party setting, where the clients trying to establish a common secret key do not share a password between themselves but only with a trusted server. Wen et al.'s protocol carries a claimed proof of security in a formal model of communication and adversarial capabilities. However, this work shows that the protocol for three-party key exchange is completely insecure and the claim of provable security is seriously incorrect. We conduct a detailed analysis of flaws in the protocol and its security proof, in the hope that no similar mistakes are made in the future.

A Survey on Three-Party Password-Based Authenticated Key Exchange (3-PAKE) Protocols

2015

Cryptographic protocols for key exchange have the aim of securely exchanging secret keys over a public network. Password-based authenticated key exchange (PAKE) protocols are popularly used for communication purposes due to their convenience. As the name suggests, it involves the sharing of a human-memorable password by each entity with a trusted third party. Three-party PAKE (3PAKE) protocols allow two parties to authenticate each other via the trusted third party and establish a session key between them for further communication. Various 3-PAKE protocols have been proposed over the years, each having its own weaknesses and strengths. This paper presents a review of a few such 3-PAKE protocols and gives suggestions for future enhancements.