Cryptanalysis of a Three-Party Authenticated Key Exchange Protocol Using Elliptic Curve Cryptography

Quite recently, Yang et al. presented an efficient three-party authenticated key exchange protocol based upon elliptic curve cryptography for mobile-commerce environments. In this paper, we demonstrate that Yang et al's three-party authenticated protocol is potentially vulnerable to an unknown key-share attack. Thereafter, we suggest a countermeasure to resist our described attacks while the merits of the original protocol are left unchanged. On the other hand, through this work, we also highlight that the existence of insider attacks needs to be taken into consideration in the three-party setting.

[1]  Dongho Won,et al.  Security weakness in a three-party pairing-based protocol for password authenticated key exchange , 2007, Inf. Sci..

[2]  Burton S. Kaliski,et al.  An unknown key-share attack on the MQV key agreement protocol , 2001, ACM Trans. Inf. Syst. Secur..

[3]  David Pointcheval,et al.  Password-Based Authenticated Key Exchange in the Three-Party Setting , 2005, Public Key Cryptography.

[4]  Duncan S. Wong,et al.  Analysis and improvement of an authenticated key exchange protocol for sensor networks , 2005, IEEE Communications Letters.

[5]  Alfred Menezes,et al.  Guide to Elliptic Curve Cryptography , 2004, Springer Professional Computing.

[6]  Raphael C.-W. Phan,et al.  Cryptanalysis of simple three-party key exchange protocol (S-3PAKE) , 2008, Inf. Sci..

[7]  Mihir Bellare,et al.  Authenticated Key Exchange Secure against Dictionary Attacks , 2000, EUROCRYPT.

[8]  Hung-Min Sun,et al.  Secure key agreement protocols for three-party against guessing attacks , 2005, J. Syst. Softw..

[9]  Gene Tsudik,et al.  New multiparty authentication services and key agreement protocols , 2000, IEEE Journal on Selected Areas in Communications.

[10]  N. Koblitz Elliptic curve cryptosystems , 1987 .

[11]  YoungJu Choie,et al.  Efficient identity-based authenticated key agreement protocol from pairings , 2005, Appl. Math. Comput..

[12]  Jonathan Katz,et al.  Modeling insider attacks on group key-exchange protocols , 2005, CCS '05.

[13]  YauWei-Chuen,et al.  Cryptanalysis of simple three-party key exchange protocol (S-3PAKE) , 2008 .

[14]  Nai-Wei Lo,et al.  Cryptanalysis of two three-party encrypted key exchange protocols , 2009, Comput. Stand. Interfaces.

[15]  Wei-Bin Lee,et al.  A round- and computation-efficient three-party authenticated key exchange protocol , 2008, J. Syst. Softw..

[16]  Chun-Li Lin,et al.  Enhanced three-party encrypted key exchange without server public keys , 2004, Comput. Secur..

[17]  Hugo Krawczyk,et al.  Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels , 2001, EUROCRYPT.

[18]  Chin-Chen Chang,et al.  An efficient three-party authenticated key exchange protocol using elliptic curve cryptography for mobile-commerce environments , 2009, J. Syst. Softw..

[19]  Steven M. Bellovin,et al.  Encrypted key exchange: password-based protocols secure against dictionary attacks , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[20]  Colin Boyd,et al.  Protocols for Authentication and Key Establishment , 2003, Information Security and Cryptography.

[21]  Wei-Chi Ku,et al.  Three weaknesses in a simple three-party key exchange protocol , 2008, Inf. Sci..

[22]  Mihir Bellare,et al.  Provably secure session key distribution: the three party case , 1995, STOC '95.

[23]  Chin-Chen Chang,et al.  A novel three-party encrypted key exchange protocol , 2004, Comput. Stand. Interfaces.

[24]  Tzonelih Hwang,et al.  Provably secure three-party password-based authenticated key exchange protocol using Weil pairing , 2005 .

[25]  Colin Boyd,et al.  Examining Indistinguishability-Based Proof Models for Key Establishment Protocols , 2005, ASIACRYPT.

[26]  Dongho Won,et al.  Security Weakness in a Three-Party Password-Based Key Exchange Protocol Using Weil Pairing , 2005, IACR Cryptol. ePrint Arch..

[27]  Hung-Min Sun,et al.  Three-party encrypted key exchange: attacks and a solution , 2000, OPSR.

[28]  Mihir Bellare,et al.  Entity Authentication and Key Distribution , 1993, CRYPTO.

[29]  Zhoujun Li,et al.  Cryptanalysis of simple three-party key exchange protocol , 2008, Comput. Secur..

[30]  David Pointcheval,et al.  Interactive Diffie-Hellman Assumptions with Applications to Password-Based Authentication , 2005, Financial Cryptography.

[31]  Paul C. van Oorschot,et al.  Authentication and authenticated key exchanges , 1992, Des. Codes Cryptogr..