Premium
Cryptanalysis of a simple three‐party password‐based key exchange protocol
Author(s) -
Yoon EunJun,
Yoo KeeYoung
Publication year - 2011
Publication title -
international journal of communication systems
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.344
H-Index - 49
eISSN - 1099-1131
pISSN - 1074-5351
DOI - 10.1002/dac.1168
Subject(s) - computer science , password , computer security , key exchange , authenticated key exchange , oakley protocol , s/key , zero knowledge password proof , password cracking , cryptanalysis , protocol (science) , dictionary attack , computer network , password strength , simple (philosophy) , public key cryptography , key (lock) , one time password , cryptography , encryption , medicine , alternative medicine , philosophy , epistemology , pathology
In order to secure communications between two clients with a trusted server's help in public network environments, a three‐party authenticated key exchange (3PAKE) protocol is used to provide the transaction confidentiality and the efficiency. In 2009, Huang proposed a simple three‐party password‐based authenticated key exchange (HS‐3PAKE) protocol without any server's public key. By analysis, Huang claimed that the proposed HS‐3PAKE protocol is not only secure against various attacks, but also more efficient than previously proposed 3PAKE protocols. However, this paper demonstrates that HS‐3PAKE protocol is vulnerable to undetectable online password guessing attacks and off‐line password guessing attacks by any other user. Copyright © 2010 John Wiley & Sons, Ltd.