Improving Security of A Communication-efficient Three-party Password Authentication Key Exchange Protocol

Three-party Password-based Authentication Key Exchange (3PAKE) allows a trusted server to assist two users to establish a common session key. Recently, Wu et al. pointed out that Chang et al.'s 3PAKE was vulnerable to the off-line guessing attack and proposed an improved 3PAKE to fix the problem. However, we found that Wu et al.'s protocol is still subject to the off-line guessing attack. In addition, the paper offers a simple method to detect the attack.

[1]  Cheng-Chi Lee,et al.  A Computation-Efficient Three-Party Encrypted Key Exchange Protocol , 2012 .

[2]  Min-Shiang Hwang,et al.  Two-party Authenticated Multiple-key Agreement Based on Elliptic Curve Discrete Logarithm Problem , 2012 .

[3]  Min-Shiang Hwang,et al.  A PARALLEL PASSWORD-AUTHENTICATED KEY EXCHANGE PROTOCOL FOR WIRELESS ENVIRONMENTS , 2010 .

[4]  Cheng-Chi Lee,et al.  A password authentication scheme over insecure networks , 2006, J. Comput. Syst. Sci..

[5]  Debiao He,et al.  Cryptanalysis of a communication-efficient three-party password authenticated key exchange protocol , 2012, Inf. Sci..

[6]  Min-Shiang Hwang,et al.  DoS-resistant ID-based password authentication scheme using smart cards , 2010, J. Syst. Softw..

[7]  Cheng-Chi Lee,et al.  An Improvement of SPLICE/AS in WIDE against Guessing Attack , 2001, Informatica.

[8]  Chun-Ta Li,et al.  Improving the security of a secure anonymous routing protocol with authenticated key exchange for ad hoc networks , 2008, Comput. Syst. Sci. Eng..

[9]  Cheng-Chi Lee,et al.  A three-party password-based authenticated key exchange protocol with user anonymity using extended chaotic maps , 2013, Nonlinear Dynamics.

[10]  Jianfeng Ma,et al.  An Improvement on a Three-party Password-based Key Exchange Protocol Using Weil Pairing , 2010, Int. J. Netw. Secur..

[11]  Cheng-Chi Lee,et al.  Guessing Attacks on Strong-Password Authentication Protocol , 2013, Int. J. Netw. Secur..

[12]  Chou Chen Yang,et al.  Cryptanalysis of Two Improved Password Authentication Schemes Using Smart Cards , 2006, Int. J. Netw. Secur..

[13]  Min-Shiang Hwang,et al.  Cryptanalysis of Tan's Improvement on a Password Authentication Scheme for Multi-server Environments , 2014, Int. J. Netw. Secur..

[14]  Hai Tao,et al.  Pass-Go: A Proposal to Improve the Usability of Graphical Passwords , 2008, Int. J. Netw. Secur..

[15]  Xu Zhuang,et al.  A Simple Password Authentication Scheme Based on Geometric Hashing Function , 2014, Int. J. Netw. Secur..

[16]  Cheng-Chi Lee,et al.  Improving Two Novel Three-Party Encrypted Key Exchange Protocols with Perfect Forward Secrecy , 2010, Int. J. Found. Comput. Sci..

[17]  Cheng-Chi Lee,et al.  An undetectable on-line password guessing attack on Nam et al.'s three-party key exchange protocol , 2013, J. Comput. Methods Sci. Eng..

[18]  Cheng-Chi Lee,et al.  Password Authentication Schemes: Current Status and Key Issues , 2006, Int. J. Netw. Secur..

[19]  Min-Shiang Hwang,et al.  An Advanced Password Authenticated Key Exchange Protocol for Imbalanced Wireless Networks , 2010 .

[20]  Jenq-Shiou Leu,et al.  Exploiting hash functions to intensify the remote user authentication scheme , 2012, Comput. Secur..

[21]  Min-Shiang Hwang,et al.  Cryptanalysis of Simple Authenticated Key Agreement Protocols , 2004 .

[22]  Cheng-Chi Lee,et al.  ON SECURITY OF A PRACTICAL THREE-PARTY KEY EXCHANGE PROTOCOL WITH ROUND EFfiCIENCY , 2015 .

[23]  Wei-Pang Yang,et al.  A communication-efficient three-party password authenticated key exchange protocol , 2011, Inf. Sci..

[24]  Min-Shiang Hwang,et al.  A user authentication system using back-propagation network , 2002, Neural Computing & Applications.

[25]  Yan Zhang,et al.  Security Management in the Next Generation Wireless Networks , 2006, Int. J. Netw. Secur..

[26]  Dawu Gu,et al.  Provably secure three-party password-based authenticated key exchange protocol , 2012, Inf. Sci..

[27]  Steven M. Bellovin,et al.  Encrypted key exchange: password-based protocols secure against dictionary attacks , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[28]  Cheng-Chi Lee,et al.  Improved Yen-Joye's authenticated multiple-key agreement protocol , 2002 .

[29]  Min-Shiang Hwang,et al.  Authenticated key-exchange in a mobile radio network , 1997, Eur. Trans. Telecommun..

[30]  Jianhua Chen,et al.  Weaknesses of a Remote User Password Authentication Scheme Using Smart Card , 2011, Int. J. Netw. Secur..

[31]  Chia-Mei Chen,et al.  Communication-efficient three-party protocols for authentication and key agreement , 2009, Comput. Math. Appl..

[32]  M. Hwang,et al.  Simple authenticated key agreement and protected password change protocol , 2005 .

[33]  Min-Shiang Hwang,et al.  Security enhancement for the timestamp-based password authentication scheme using smart cards , 2003, Comput. Secur..

[34]  Min-Shiang Hwang,et al.  A new strong-password authentication scheme using one-way hash functions , 2006 .

[35]  Chun-Li Lin,et al.  Enhanced three-party encrypted key exchange without server public keys , 2004, Comput. Secur..

[36]  Wei-Pang Yang,et al.  Security on Improvement of Modified Authenticated Key Agreement Protocol , 2014 .

[37]  Min-Shiang Hwang,et al.  Improvement of convertible authenticated encryption schemes and its multiple recipients version , 2012 .

[38]  Cheng-Chi Lee,et al.  Towards secure and efficient user authentication scheme using smart card for multi-server environments , 2013, The Journal of Supercomputing.

[39]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[40]  Wei-Kuan Shih,et al.  Weaknesses and improvements of the Yoon-Ryu-Yoo remote user authentication scheme using smart cards , 2009, Comput. Commun..

[41]  Chun-Ta Li,et al.  A secure and efficient communication scheme with authenticated key establishment and privacy preserving for vehicular ad hoc networks , 2008, Comput. Commun..