A Survey on Three-Party Password-Based Authenticated Key Exchange (3-PAKE) Protocols (original) (raw)
Related papers
Password-based authenticated key exchange protocol is a type of authenticated key exchange protocols which enables two or more communication entities, who only share weak, low-entropy and easily memorable passwords, to authenticate each other and establish a high-entropy secret session key. In 2012, Tallapally proposed an enhanced three-party password-based authenticated key exchange protocol to overcome the weaknesses of Huang’s scheme. However, in this paper, we indicate that the Tallapally’s scheme not only is still vulnerable to undetectable online password guessing attack, but also is insecure against off-line password guessing attack. Therefore, we propose a more secure and efficient scheme to overcome the security flaws.
Cryptanalysis of a Three-party Password-based Authenticated Key Exchange Protocol
Key exchange protocols allow two or more parties communicating over a public network to establish a common secret key called a session key. Due to their significance in building a secure communication channel, a number of key exchange protocols have been suggested over the years for a variety of settings. Recently, Lo et al. proposed a three-party password-based authenticated key exchange (3PAKE) protocol, where two users, each shares a human-memorable password with a server, can generate a session key for future communication with the help of the server. They claimed that their scheme could resist various attacks. However, this work shows that Lo et al.'s protocol is vulnerable to an off-line password guessing attack. The analysis show Lo et al.'s protocols is not suitable for practical applications.
Cryptanalysis of an efficient three‐party password‐based key exchange scheme
2012
Three-party password-authenticated key exchange (3PAKE) protocols allow entities to negotiate a secret session key with the aid of a trusted server with whom they share a human-memorable password. Recently, Lou and Huang proposed a simple 3PAKE protocol based on elliptic curve cryptography, which is claimed to be secure and to provide superior efficiency when compared with similar-purpose solutions. In this paper, however, we show that the solution is vulnerable to key-compromise impersonation and offline password guessing attacks from system insiders or outsiders, which indicates that the empirical approach used to evaluate the scheme's security is flawed. These results highlight the need of employing provable security approaches when designing and analyzing PAKE schemes.
Efficient Three Party Key Exchange Protocol
Bulletin of Electrical Engineering and Informatics, 2012
Key exchange protocols allow two or more parties communicating over a public network to establish a common secret key called a session key. In 1976, Diffie and Hellman proposed the first practical key exchange (DH key exchange) protocol. In 2005, Abdalla and Pointcheval suggested a new variation of the computational DH assumption called chosen based computational Diffie Hellman (CCDH) and presented simple password based authenticated key exchange protocols. Since then several three party password authenticated key agreement protocols have been proposed In 2007, Lu and Cao proposed a simple 3 party authenticated key exchange (S-3PAKE) protocol. Kim and Koi found that this protocol cannot resist undetectable online password guessing attack and gave fixed STPKE’ protocol as a countermeasure using exclusive-or operation. Recently, Tallapally and Padmavathy found that STPKE’ is still vulnerable to undetectable online password guessing attack and gave a modified STPKE’ protocol. Unfortunately, we find that, although modified STPKE’ protocol can resist undetectable online password guessing attack but it is vulnerable to man in the middle attack. Also, we propose and analyze an efficient protocol against all the known attacks.
An ID-based authenticated three-party key exchange protocol
ACCENTS Transactions on Information Security, 2017
Key exchange protocols enable two parties to communicate securely over an untrusted network by exchanging a shared secret among them. Authentication and privacy are the two primary objectives of network security where privacy ensures that transmitted messages cannot eavesdrop. On the other hand, authentication assures that no unauthorized user can gain access maliciously. These two goals can be achieved simultaneously, using authenticated key exchange scheme where two or more parties can share a common secret to transmit a message securely in an open network. Abundant work has been done in 3PAKErelevant to password-based authentication, traditional public key cryptosystem (PKC) and without server's public key
An novel three-party authenticated key exchange protocol using one-time key
Journal of Network and Computer Applications, 2013
Three-party authenticated key exchange protocol (3PAKE) is an important cryptographic technique for secure communication which allows two parties to agree a new secure session key with the help of a trusted server. In this paper, we propose a new three-party authenticated key exchange protocol which aims to achieve more efficiency with the same security level of other existing 3PAKE protocols. Security analysis and formal verification using AVISPA tools show that the proposed protocol is secure against various known attacks. Comparing with other typical 3PAKE protocols, the proposed protocol is more efficient with less computation complexity.
On the security of a password-only authenticated three-party key exchange protocol
This note reports major previously unpublished security vulnerabilities in the password-only authenticated three-party key exchange protocol due to Lee and Hwang (Information Sciences, 180, 1702-1714, 2010): (1) the Lee-Hwang protocol is susceptible to a man-in-the-middle attack and thus fails to achieve implicit key authentication; (2) the protocol cannot protect clients' passwords against an offline dictionary attack; and (3) the indistinguishability-based security of the protocol can be easily broken even in the presence of a passive adversary.
Two-Round Password-Only Authenticated Key Exchange in the Three-Party Setting
Symmetry, 2015
We present the first provably-secure three-party password-only authenticated key exchange (PAKE) protocol that can run in only two communication rounds. Our protocol is generic in the sense that it can be constructed from any two-party PAKE protocol. The protocol is proven secure in a variant of the widely-accepted model of Bellare, Pointcheval and Rogaway (2000) without any idealized assumptions on the cryptographic primitives used. We also investigate the security of the two-round, three-party PAKE protocol of Wang, Hu and Li (2010) and demonstrate that this protocol cannot achieve implicit key authentication in the presence of an active adversary.
Cryptanalysis of simple three-party key exchange protocol (S-3PAKE)
2008
Password-authenticated key exchange (PAKE) protocols allow parties to share secret keys in an authentic manner based on an easily memorizable password. Recently, Lu and Cao proposed a three-party password-authenticated key exchange protocol, so called S-3PAKE, based on ideas of the Abdalla and Pointcheval two-party SPAKE extended to three parties. S-3PAKE can be seen to have a structure alternative to that of another three-party PAKE protocol (3PAKE) by Abdalla and Pointcheval.
An enhanced password authenticated key exchange protocol without server public keys
2012 International Conference on ICT Convergence (ICTC), 2012
Password Authenticated Key Exchange (PAKE) protocols permit two entities to generate a large common session key and authenticate each other based on a pre-shared human memorable password. In 2006, Strangio proposed the DH-BPAKE protocol and claimed that the mentioned protocol is provably secure against several attacks. In this paper, it is shown that the DH-BPAKE protocol is vulnerable to password compromise impersonation attack and it is not efficient due to the number of running steps and its computational load. To overcome these weaknesses, an enhanced PAKE protocol is proposed which provides several security properties. In addition, it is proved that our proposed scheme is more sefficient 1 (Secure & Efficient) in comparison with DH-BPAKE protocol.