Title | ||
---|---|---|
Finding and fixing vulnerabilities in several three-party password authenticated key exchange protocols without server public keys |
Abstract | ||
---|---|---|
Three-party password-based authenticated key exchange (3PAKE) protocols allow two users (clients) to establish a session key with the support from an authenticated server over an insecure channel. Several 3PAKE protocols, which do not require server public keys, have been proposed recently. In this paper, we use Chang et al.'s protocol as a case study and demonstrate that all of the 3PAKE protocols without server public keys are not secure against Key Compromise Impersonation (KCI) attack. A detailed analysis of flaw in these protocols has been conducted and we hope that by identifying this design flaw, similar structural mistakes can be avoided in future designs. Furthermore, we propose an improved protocol that remedies the weakness of these protocols and prove its security in a widely accepted model. |
Year | DOI | Venue |
---|---|---|
2013 | 10.1016/j.ins.2013.02.004 | Inf. Sci. |
Keywords | Field | DocType |
detailed analysis,key exchange,design flaw,authenticated server,session key,improved protocol,key compromise impersonation,three-party password,case study,accepted model,key exchange protocol,server public key,authentication | Key derivation function,Zero-knowledge password proof,Authentication,Challenge–response authentication,Computer science,Computer security,Authenticated Key Exchange,Password,Public-key cryptography,Session key | Journal |
Volume | ISSN | Citations |
235, | 0020-0255 | 14 |
PageRank | References | Authors |
0.56 | 25 | 4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Hu Xiong | 1 | 142 | 18.42 |
Yanan Chen | 2 | 15 | 1.92 |
Zhi Guan | 3 | 76 | 10.75 |
Zhong Chen | 4 | 503 | 58.35 |