Journal ArticleDOI
Cryptanalysis of a simple three-party password-based key exchange protocol
Eun-Jun Yoon,Kee-Young Yoo +1 more
TLDR
It is demonstrated that HS‐3PAKE protocol is vulnerable to undetectable online password guessing attacks and off‐line password guessing attack by any other user.Abstract:
In order to secure communications between two clients with a trusted server's help in public network environments, a three-party authenticated key exchange (3PAKE) protocol is used to provide the transaction confidentiality and the efficiency. In 2009, Huang proposed a simple three-party password-based authenticated key exchange (HS-3PAKE) protocol without any server's public key. By analysis, Huang claimed that the proposed HS-3PAKE protocol is not only secure against various attacks, but also more efficient than previously proposed 3PAKE protocols. However, this paper demonstrates that HS-3PAKE protocol is vulnerable to undetectable online password guessing attacks and off-line password guessing attacks by any other user. Copyright © 2010 John Wiley & Sons, Ltd.read more
Citations
More filters
Journal ArticleDOI
An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics
Ming-Chin Chuang,Meng Chang Chen +1 more
TL;DR: This paper proposes an anonymous multi-server authenticating key agreement scheme based on trust computing using smart cards, password, and biometrics which can be seen to resist several kinds of attacks, and to have more security properties than other comparable schemes.
Journal ArticleDOI
A three-party password-based authenticated key exchange protocol with user anonymity using extended chaotic maps
TL;DR: A scheme utilizing three-party password-based authenticated key exchange protocol with user anonymity using extended chaotic maps, which is more efficient and secure than previously proposed schemes.
Journal ArticleDOI
A secure and efficient identity-based authenticated key exchange protocol for mobile client---server networks
TL;DR: The rigorous analysis shows that the improved identity-based two-party authentication key exchange protocol using elliptic curves achieves more security than related protocols.
Journal ArticleDOI
On ‘a simple three-party password-based key exchange protocol’
Ching-Ying Lin,Tzonelih Hwang +1 more
TL;DR: This work shows that the protocol proposed could be vulnerable to an undetectable online password guessing attack, and an improved protocol is proposed to avoid the attack.
Journal ArticleDOI
Cryptanalysis of a dynamic ID-based remote user authentication with key agreement scheme
Hong-bin Tang,Xin-song Liu +1 more
TL;DR: It is demonstrated that the proposed improved dynamic ID‐based remote user authentication with key agreement scheme for mobile and home networks is vulnerable to the privileged insider, off‐line password guessing, impersonation, and server spoofing attacks and does not provide any user anonymity and forward secrecy property.
References
More filters
Proceedings ArticleDOI
Encrypted key exchange: password-based protocols secure against dictionary attacks
TL;DR: A combination of asymmetric (public-key) and symmetric (secret- key) cryptography that allow two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced.
Journal ArticleDOI
Authentication and authenticated key exchanges
TL;DR: A simple, efficient protocol referred to as the station-to-station (STS) protocol is introduced, examined in detail, and considered in relation to existing protocols.
Journal ArticleDOI
Undetectable on-line password guessing attacks
Yun Ding,Patrick Horster +1 more
TL;DR: This work shows that 3-party-based authentication protocols are not resistant to a new type of attack called "undetectable on-line password guessing attack", where the authentication server responds and leaks verifiable information for an attacker to verify his guess.
Journal ArticleDOI
Three-party encrypted key exchange: attacks and a solution
TL;DR: This paper shows a new off-line guessing attack on Steiner, Tsudik and Waidners' protocol and proposes a new three-party EKE protocol which not only is secure against both the off-lines guessing attack and undetectable on-line guesses but also satisfies the security properties of perfect forward secrecy and known-key security.
Book ChapterDOI
Examining indistinguishability-based proof models for key establishment protocols
TL;DR: In this paper, the authors examine indistinguishability-based models for key establishment protocols, including the Bellare, Pointcheval, and Rogaway (2000) and the Canetti & Krawczyk (2001) models.