Cryptanalysis of a Three-party Password-based Authenticated Key Exchange Protocol (original) (raw)
Related papers
Password-based authenticated key exchange protocol is a type of authenticated key exchange protocols which enables two or more communication entities, who only share weak, low-entropy and easily memorable passwords, to authenticate each other and establish a high-entropy secret session key. In 2012, Tallapally proposed an enhanced three-party password-based authenticated key exchange protocol to overcome the weaknesses of Huang’s scheme. However, in this paper, we indicate that the Tallapally’s scheme not only is still vulnerable to undetectable online password guessing attack, but also is insecure against off-line password guessing attack. Therefore, we propose a more secure and efficient scheme to overcome the security flaws.
Cryptanalysis of an efficient three‐party password‐based key exchange scheme
2012
Three-party password-authenticated key exchange (3PAKE) protocols allow entities to negotiate a secret session key with the aid of a trusted server with whom they share a human-memorable password. Recently, Lou and Huang proposed a simple 3PAKE protocol based on elliptic curve cryptography, which is claimed to be secure and to provide superior efficiency when compared with similar-purpose solutions. In this paper, however, we show that the solution is vulnerable to key-compromise impersonation and offline password guessing attacks from system insiders or outsiders, which indicates that the empirical approach used to evaluate the scheme's security is flawed. These results highlight the need of employing provable security approaches when designing and analyzing PAKE schemes.
A Survey on Three-Party Password-Based Authenticated Key Exchange (3-PAKE) Protocols
2015
Cryptographic protocols for key exchange have an aim of secure exchange of secret keys over the public network. Password based authenticated key exchange (PAKE) protocols are popularly used for communication purposes due to their convenience. As the name suggests, it involves sharing of a human-memorable password by each entity with a trusted third party. Three party PAKE (3PAKE) protocols allow two parties to authenticate each other via the trusted third party and establish a session key between them for further communication. Various 3-PAKE protocols have been proposed over the years, each having its own weaknesses and strengths. This paper presents a review of few such 3-PAKE protocols and gives suggestions for future enhancements.
On the security of a password-only authenticated three-party key exchange protocol
This note reports major previously unpublished security vulnerabilities in the password-only authenticated three-party key exchange protocol due to Lee and Hwang (Information Sciences, 180, 1702-1714, 2010): (1) the Lee-Hwang protocol is susceptible to a man-in-the-middle attack and thus fails to achieve implicit key authentication; (2) the protocol cannot protect clients' passwords against an offline dictionary attack; and (3) the indistinguishability-based security of the protocol can be easily broken even in the presence of a passive adversary.
Cryptanalysis of simple three-party key exchange protocol
Computers & Security, 2008
Three-party authenticated key exchange (3PAKE) protocol plays an indispensable role in history of the secure communication areas in which two clients can agree a robust session key based on a human-memorable password. Current research community focuses on the issue of designing a simple 3PAKE (S-3PAKE) protocol which possesses both of robust system security and efficient computation complexity. In 2008, Chung and Ku [4] pointed out that Lu and Cao's S-3PAKE scheme [12] cannot resist three variants of the man-in-themiddle attack. The authors proposed a countermeasure to eliminate the identified weaknesses. Nevertheless, based on our security analysis, the S-3PAKE mechanism proposed by Chung and Ku is vulnerable to the undetectable on-line dictionary attack. In this paper, we review Chung and Ku's S-3PAKE protocol and analyze its robustness. For security enhancement, a modified S-3PAKE scheme is introduced to resist to the undetectable on-line dictionary attack
Security weakness in a three-party pairing-based protocol for password authenticated key exchange
Information Sciences, 2007
Authentication and key exchange are fundamental for establishing secure communication channels over public insecure networks. Password-based protocols for authenticated key exchange are designed to work even when user authentication is done via the use of passwords drawn from a small known set of values. Recently, Wen et al. (H.-A. Wen, T.-F. Lee, T. Hwang, Provably secure three-party password-based authenticated key exchange protocol using Weil pairing, IEE Proceedings-Communications 152 proposed a new protocol for password-based authenticated key exchange in the three-party setting, where the clients trying to establish a common secret key do not share a password between themselves but only with a trusted server. Wen et al.'s protocol carries a claimed proof of security in a formal model of communication and adversarial capabilities. However, this work shows that the protocol for three-party key exchange is completely insecure and the claim of provable security is seriously incorrect. We conduct a detailed analysis of flaws in the protocol and its security proof, in the hope that no similar mistakes are made in the future.
Efficient Three Party Key Exchange Protocol
Bulletin of Electrical Engineering and Informatics, 2012
Key exchange protocols allow two or more parties communicating over a public network to establish a common secret key called a session key. In 1976, Diffie and Hellman proposed the first practical key exchange (DH key exchange) protocol. In 2005, Abdalla and Pointcheval suggested a new variation of the computational DH assumption called chosen based computational Diffie Hellman (CCDH) and presented simple password based authenticated key exchange protocols. Since then several three party password authenticated key agreement protocols have been proposed In 2007, Lu and Cao proposed a simple 3 party authenticated key exchange (S-3PAKE) protocol. Kim and Koi found that this protocol cannot resist undetectable online password guessing attack and gave fixed STPKE’ protocol as a countermeasure using exclusive-or operation. Recently, Tallapally and Padmavathy found that STPKE’ is still vulnerable to undetectable online password guessing attack and gave a modified STPKE’ protocol. Unfortunately, we find that, although modified STPKE’ protocol can resist undetectable online password guessing attack but it is vulnerable to man in the middle attack. Also, we propose and analyze an efficient protocol against all the known attacks.
On the security of a simple three-party key exchange protocol without server's public keys
TheScientificWorldJournal, 2014
Authenticated key exchange protocols are of fundamental importance in securing communications and are now extensively deployed for use in various real-world network applications. In this work, we reveal major previously unpublished security vulnerabilities in the password-based authenticated three-party key exchange protocol according to Lee and Hwang (2010): (1) the Lee-Hwang protocol is susceptible to a man-in-the-middle attack and thus fails to achieve implicit key authentication; (2) the protocol cannot protect clients' passwords against an offline dictionary attack; and (3) the indistinguishability-based security of the protocol can be easily broken even in the presence of a passive adversary. We also propose an improved password-based authenticated three-party key exchange protocol that addresses the security vulnerabilities identified in the Lee-Hwang protocol.
Cryptanalysis of simple three-party key exchange protocol (S-3PAKE)
2008
Password-authenticated key exchange (PAKE) protocols allow parties to share secret keys in an authentic manner based on an easily memorizable password. Recently, Lu and Cao proposed a three-party password-authenticated key exchange protocol, so called S-3PAKE, based on ideas of the Abdalla and Pointcheval two-party SPAKE extended to three parties. S-3PAKE can be seen to have a structure alternative to that of another three-party PAKE protocol (3PAKE) by Abdalla and Pointcheval.
An enhanced password authenticated key exchange protocol without server public keys
2012 International Conference on ICT Convergence (ICTC), 2012
Password Authenticated Key Exchange (PAKE) protocols permit two entities to generate a large common session key and authenticate each other based on a pre-shared human memorable password. In 2006, Strangio proposed the DH-BPAKE protocol and claimed that the mentioned protocol is provably secure against several attacks. In this paper, it is shown that the DH-BPAKE protocol is vulnerable to password compromise impersonation attack and it is not efficient due to the number of running steps and its computational load. To overcome these weaknesses, an enhanced PAKE protocol is proposed which provides several security properties. In addition, it is proved that our proposed scheme is more sefficient 1 (Secure & Efficient) in comparison with DH-BPAKE protocol.