Debiao He,Jianhua Chen,Jin Hu

DOI: https://doi.org/10.31449/inf.v34i3.308

2010-01-01

Informatica

Abstract:Key exchange protocols allow two or more parties communicating over a public network to establish a common secret key called a session key. Due to their significance in building a secure communication channel, a number of key exchange protocols have been suggested over the years for a variety of settings. Among these is the so-called S-3PAKE protocol proposed by Lu and Cao for passwordauthenticated key exchange in the three-party setting. In the current work, we are concerned with the password security of the S-3PAKE protocol. We first show that S-3PAKE is vulnerable to an off-line dictionary attack in which an attacker exhaustively enumerates all possible passwords in an off-line manner to determine the correct one. We then figure out how to eliminate the security vulnerability of S3PAKE.

Chun-Li Lin,Hung-Min Sun,Tzonelih Hwang

DOI: https://doi.org/10.1145/506106.506108

2000-01-01

ACM SIGOPS Operating Systems Review

Abstract:Password-based mechanism is the widely used method for authentication since it allows people to choose their own passwords without any assistant device to generate or store. However, people are used to choose easy-to-remember passwords such that guessing attacks could succeed. In 1992, Bellovin and Merritt proposed Encrypted Key Exchange (EKE) protocols for preventing guessing attacks, in which two communication parties A and B securely share a possibly weak password in advance. In large communication environments, it is inconvenient in key management that every two communication parties mutually share a secret. Three-party EKE protocols, in which all parties (clients) share their secrets with a trusted server only, are more suitable for large communication environments. In 1995, Steiner, Tsudik and Waidner proposed a realization of three-party EKE protocol which is later demonstrated that it is vulnerable to undetectable on-line guessing attacks. In this paper, We will show a new off-line guessing attack on Steiner, Tsudik and Waidners' protocol. Besides, we will also propose a new three-party EKE protocol which not only is secure against both the off-line guessing attack and undetectable on-line guessing attacks but also satisfies the security properties of perfect forward secrecy and known-key security.

XU Chun-xiang,HE Xiao-hu

DOI: https://doi.org/10.3969/j.issn.1001-0548.2012.04.023

2012-01-01

Abstract:Three-party password-based authenticated key exchange protocols allow two clients to authenticate each other and establish a shared session key through a trusted server who preserves clients’ passwords or verifiers about passwords.However,because of the low entropy of passwords,password-based authenticated key exchange protocols are vulnerable to dictionary attacks.Based on available protocols,a new efficient three-party password-based authenticated key exchange protocol is proposed by combining the symmetric encryption algorithm with the method of two-party key exchange protocol of Diffie-Hellman.Results indicate that and the proposed protocol can resist against various attacks and provide the perfect forward security.

XIE Qi,CHEN De-ren,YU Xiu-yuan

IF: 2.034

2010-01-01

Systems Engineering

Abstract:In 2009, Park, et al. proposed an efficient remote user authentication protocol. They claimed that their protocol was the first password and smart card based remote user authentication scheme which can resist the off-line password guessing attack, and had many advantages over existing solutions such as no password tables and timestamp, low communication and computational costs. However, this paper shows that their protocol cannot resist the forgery attack and off-line password guessing attack. To overcome the security weaknesses, two improved schemes based on either nonce or timestamp without affecting the merits of the Park, et al. scheme are proposed. Technical discussions are provided to show that the improved protocol is secure, efficient and practical.

Tianjie Cao,Dongdai Lim

DOI: https://doi.org/10.1109/lcomm.2006.1665131

IF: 3.5529

2006-01-01

IEEE Communications Letters

Abstract:In 2002, Zhu et al. proposed a password-based authenticated key exchange protocol based on RSA. Many researchers pointed out that Zhu et al.'s protocol is vulnerable to off-line dictionary attack. In 2003, Yeh et al. proposed an improved protocol. Recently, Lo and Yang-Wang pointed out that Yeh et al.'s improved protocol is also vulnerable to offline dictionary attack. To avoid this weakness existed in Yeh et al.'s protocol, Lo and Yang-Wang proposed two improved protocols. However, in this letter, we show that the Lo protocol is vulnerable to an active off-line dictionary attack and the Yang-Wang protocol is vulnerable to a passive off-line dictionary attack

Qiong Pu,Jian Wang,Shuhua Wu,Ji Fu

DOI: https://doi.org/10.1007/s12083-012-0125-y

IF: 3.488

2012-01-01

Peer-to-Peer Networking and Applications

Abstract:In order to secure large-scale peer-to-peer communication system, Chien recently presented a three-party password authenticated key exchange protocol using verifiers to reduce the damages of server corruption. In this paper, we first show his protocol is still vulnerable to a partition attack (offline dictionary attack). Thereafter we propose an enhanced verifier-based protocol that can defeat the attacks described and yet is reasonably efficient. Furthermore, we can provide the rigorous proof of the security for it.

Tianjie Cao,Tao Quan,Bo Zhang

DOI: https://doi.org/10.4304/jnw.4.4.263-270

2009-01-01

Journal of Networks

Abstract:Client-to-Client Password-Authenticated Key Exchange (C2C-PAKE) protocols allow two clients establish a common session key based on their passwords. In a secure C2C-PAKE protocol, there is no computationally bounded adversary learns anything about session keys shared between two clients. Especially a participating server should not learn anything about session keys. Server- compromise impersonation resilience is another desirable security property for a C2C-PAKE protocol. It means that compromising the password verifier of any client A should not enable outside adversary to share session key with A. Recently, Kwon and Lee proposed four C2C-PAKE protocols in the three-party setting, and Zhu et al. proposed a C2C-PAKE protocol in the cross-realm setting. All the proposed protocols are claimed to resist server compromise. However, in this paper, we show that Kwon and Lee’s protocols and Zhu et al’s protocol exist server compromise attacks, and a malicious server can mount man-in-themiddle attacks and can eavesdrop the communication between the two clients.

Hu Xiong,Yanan Chen,Zhi Guan,Zhong Chen

DOI: https://doi.org/10.1016/j.ins.2013.02.004

IF: 8.1

2013-01-01

Information Sciences

Abstract:Three-party password-based authenticated key exchange (3PAKE) protocols allow two users (clients) to establish a session key with the support from an authenticated server over an insecure channel. Several 3PAKE protocols, which do not require server public keys, have been proposed recently. In this paper, we use Chang et al.’s protocol as a case study and demonstrate that all of the 3PAKE protocols without server public keys are not secure against Key Compromise Impersonation (KCI) attack. A detailed analysis of flaw in these protocols has been conducted and we hope that by identifying this design flaw, similar structural mistakes can be avoided in future designs. Furthermore, we propose an improved protocol that remedies the weakness of these protocols and prove its security in a widely accepted model.

Shuhong Wang,Jie Wang,Maozhi Xu

DOI: https://doi.org/10.1007/978-3-540-24852-1_30

2004-01-01

Abstract:A password-authenticated key exchange scheme allows two entities, who only share a memorable password, to authenticate each other and to agree on a. cryptographic session key. Instead of considering it in the classic client and server scenarios, Byun et al. recently proposed a password-authenticated key exchange protocol in a cross-realm setting where two clients in different realms obtain a secret session key as well as mutual authentication, with the help of respective servers. In this paper, we first, point out that the proposed protocol is not secure, due to the choice of invalid parameters (say, subgroup generator). Furthermore, we show in detail that, even with properly chosen parameters, the protocol has still some secure flaws. We provide three attacks to illustrate the insecurity of the protocol. Finally, countermeasures are also given, which are believed able to withstand our attacks.

Junhan Yang,Tianjie Cao

2011-01-01

Journal of Computational Information Systems

Abstract:With advances in elliptic curve cryptography, Li et al. and Yoon et al. proposed two password-authenticated key exchange protocols without server's public key. They claimed to be secure against several possible attacks, securely update user passwords without a complicated process, and also provide explicit key authentication in the case of a session key agreement. Unfortunately, Li et al.'s protocol is vulnerable to off-line dictionary attack and man-in-the-middle attack. Meanwhile Yoon et al.'s protocol is subject to off-line dictionary attack and fails to provide backward secrecy. In this paper, we conduct a detailed analysis on the flaws and also propose a verifier-based password-authenticated key exchange protocol via elliptic curves which is secure against various known attacks. Copyright © 2011 Binary Information Press.

Jianjie Zhao,Dawu Gu,Lei Zhang

DOI: https://doi.org/10.1002/sec.316

IF: 1.968

2011-01-01

Security and Communication Networks

Abstract:ABSTRACTRecently, Tzung‐Her Chen, Wei‐Bin Lee, and Hsing‐Bai Chen (CLC) proposed a new three‐party password‐based authenticated key exchange (3PAKE) protocol. This CLC protocol needs not store the security‐sensitive table on the server side, which reduces the danger of the server being compromised; also, it has the advantage in terms of the round efficiency and computational cost. However, we find that the leakage of values VA and VB in the CLC protocol will make a man‐in‐the‐middle attack feasible in practice. On the basis of this finding, we present a modified 3PAKE protocol called I‐CLC protocol, which is essentially an improved CLC protocol. I‐CLC can resist attacks available, including the man‐in‐the‐middle attack that we mentioned on the initial CLC protocol. Meanwhile, the new protocol allows that the participants choose their own passwords by themselves; additionally, the computation cost of I‐CLC is lower than that of CLC protocol. Copyright © 2011 John Wiley & Sons, Ltd.

He Debiao,Chen Jianhua,Hu Jin

2010-01-01

Abstract:He Debiao, Chen Jianhua, Hu Jin School of Mathematics and Statistics, Wuhan University, Wuhan, Hubei 430072, China hedebiao@163.com Abstract: Recently, Abdalla et al. proposed a new gateway-oriented password-based authenticated key exchange (GPAKE) protocol among a client, a gateway, and an authentication server, where each client shares a human-memorable password with a trusted server so that they can resort to the server for authentication when want to establish a shared session key with the gateway. In the letter, we show that a malicious client of GPAKE is still able to gain information of password by performing an undetectable on-line password guessing attack and can not provide the implicit key confirmation. At last, we present a countermeasure to against the attack.

Jun-Han Yang,Tian-Jie Cao

DOI: https://doi.org/10.1016/j.jss.2011.08.024

IF: 3.5

2012-01-01

Journal of Systems and Software

Abstract:Three-party password authenticated key exchange protocol is a very practical mechanism to establish secure session key through authenticating each other with the help of a trusted server. Most three-party password authenticated key exchange protocols only guarantee security in the random oracle model. However, a random oracle based cryptographic construction may be insecure when the oracle is replaced by real function. Moreover, some previous unknown attacks appear with the advance of the adversary capability. Therefore, a suitable standard model which can imitate a wider variety of attack scenarios for 3PAKE protocol is needed. Aim at resisting dictionary attack, unknown key-share attack and password-compromise impersonation attack, an expanded standard model for 3PAKE protocol is given. Meanwhile, through applying ElGamal encryption scheme and pseudorandom function, a specific three-party password authenticated key exchange protocol is proposed. The security of the proposed protocol is proven in the new standard model. The result shows that the present protocol has stronger security by comparing with other existing protocols, which covers the following security properties: (1) semantic security, (2) key privacy, (3) client-to-server authentication, (4) mutual authentication, (5) resistance to various known attacks, and (6) forward security.

LIAN Huanhuan,HOU Huiying,ZHAO Yunlei

DOI: https://doi.org/10.11959/j.issn.1000−436x.2022062

2022-01-01

Abstract:In view of the fact that server stored the passwords directly in plaintext, there was a risk of server compromise, and two-party PAKE protocol was not suitable for large-scale communication systems, a three-party verifier-based password authenticated key exchange protocol from lattices was proposed.Hashing scheme and zero-knowledge password policy check were combined to realize the generation of verifier and the password checking.A novel verifier-based 3PAKE protocol was constructed by using CCA-secure public-key encryption from lattices, which realized mutual authentication.Security and performance analysis shows that the proposed protocol has better advantages in communication efficiency and security.

XU Chun-xiang,LUO Shu-dan,Shu D. Luo

DOI: https://doi.org/10.3969/j.issn.1001-0548.2009.04.025

2009-01-01

Abstract:The three-party password-based authenticated key exchange protocol based on the CCDH assumption is analyzed. It is demonstrated that this protocol has security vulnerabilities from on-line guessing attack and lacks a perfect authentication mechanism. This paper presents an attack scheme to the protocol. Our attack scheme shows that an adversary can get other legitimate user's password successfully by on-line guessing cyclically.

Yalin Chen,Jue-Sam Chou*,Chun-Hui Huang

DOI: https://doi.org/10.48550/arXiv.1007.0060

2010-07-01

Abstract:In this paper, we analyze four authentication protocols of Bindu et al., Goriparthi et al., Wang et al. and Hölbl et al.. After investigation, we reveal several weaknesses of these schemes. First, Bindu et al.'s protocol suffers from an insider impersonation attack if a malicious user obtains a lost smart card. Second, both Goriparthi et al.'s and Wang et al.'s protocols cannot withstand a DoS attack in the password change phase, i.e. an attacker can involve the phase to make user's password never be used in subsequent authentications. Third, Hölbl et al.'s protocol is vulnerable to an insider attack since a legal but malevolent user can deduce KGC's secret key.

Cryptography and Security

SH Wang,F Bao,J Wang

DOI: https://doi.org/10.1093/ietcom/e88-b.4.1641

2005-01-01

IEICE Transactions on Communications

Abstract:In 2002, Zhu et al. proposed a password authenticated key exchange protocol based on RSA such that it is efficient enough to be implemented on most of the target low-power devices such as smart cards and low-power Personal Digital Assistants in imbalanced wireless networks. Recently, YEH et al. claimed that Zhu et al.'s protocol not only is insecure against undetectable on-line password guessing attack but also does not achieve explicit key authentication. Thus they presented an improved version. Unfortunately, we find that YEH et al.'s password guessing attack does not come into existence, and that their improved protocol is vulnerable to off-line dictionary attacks. In this paper we describe our observation in details, and also comment for the original protocol on how to achieve explicit key authentication as well as resist against other existent attacks.

Jianjie Zhao,Dawu Gu

DOI: https://doi.org/10.1016/j.ins.2011.07.015

IF: 8.1

2011-01-01

Information Sciences

Abstract:A three-party password-based authenticated key exchange (3PAKE) protocol is a useful mechanism to establish a secure session key in a network. However, most current 3PAKE protocols only achieve “heuristic” security; the underlying hardness assumptions of these protocols are not perfect. We propose a 3PAKE protocol which is provably secure if the Diffie–Hellman problem is computationally infeasible (the CDH assumption), even in the 3eCK model where the adversary is allowed to make more queries and have more freedom than previous models. In our formal proof, we use the trapdoor test technique introduced by Cash, Kiltz and Shoup to construct an efficient decision oracle. As far as we know, our protocol is the first provably secure 3PAKE protocol based on the CDH assumption and the first 3PAKE protocol using the trapdoor test technique for the security proof.

Jianjie Zhao,Dawu Gu

DOI: https://doi.org/10.1007/s11859-010-0312-8

2010-01-01

Wuhan University Journal of Natural Sciences

Abstract:The CLC protocol (proposed by Tzung-Her Chen, Wei-Bin Lee and Hsing-Bai Chen, CLC, for short) is a new three-party password-authenticated key exchange (3PAKE) protocol. This CLC protocol provides a superior round efficiency (only three rounds), and its resources required for computation are relatively few. However, we find that the leakage of values A V and B V in the CLC protocol will make a man-in-the-middle attack feasible in practice, where A V and B V are the authentication information chosen by the server for the participants A and B. In this paper, we describe our attack on the CLC protocol and further present a modified 3PAKE protocol, which is essentially an improved CLC protocol. Our protocol can resist attacks available, including man-in-the-middle attack we mount on the initial CLC protocol. Meanwhile, we allow that the participants choose their own passwords by themselves, thus avoiding the danger that the server is controlled in the initialization phase. Also, the computational cost of our protocol is lower than that of the CLC protocol.

Her-tyan Yeh,Hung-min Sun,Tzonelih Hwang

DOI: https://doi.org/10.6688/jise.2003.19.6.6

2003-01-01

Journal of information science and engineering

Abstract:Three-party EKE was proposed to establish a session key between two clients through a server. However, three-party EKE is insecure against undetectable on-line and off-line password guessing attacks. In this paper, we first propose an enhanced three-party EKE to withstand the security risk in three-party EKE. We also propose a verifier-based three-party EKE that is more secure than a plaintext-equivalent mechanism in which a compromise of the server's database will not result in success in directly impersonating clients.