Premium
Cryptanalysis of an efficient three‐party password‐based key exchange scheme
Author(s) -
Simplicio Marcos A.,
Sakuragui Rony R.M.
Publication year - 2012
Publication title -
international journal of communication systems
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.344
H-Index - 49
eISSN - 1099-1131
pISSN - 1074-5351
DOI - 10.1002/dac.1373
Subject(s) - computer science , password , authenticated key exchange , zero knowledge password proof , computer security , key exchange , cryptanalysis , s/key , key (lock) , password cracking , one time password , dictionary attack , password strength , scheme (mathematics) , cryptography , encryption , public key cryptography , mathematics , mathematical analysis
SUMMARY Three‐party password‐authenticated key exchange (3PAKE) protocols allow entities to negotiate a secret session key with the aid of a trusted server with whom they share a human‐memorable password. Recently, Lou and Huang proposed a simple 3PAKE protocol based on elliptic curve cryptography, which is claimed to be secure and to provide superior efficiency when compared with similar‐purpose solutions. In this paper, however, we show that the solution is vulnerable to key‐compromise impersonation and offline password guessing attacks from system insiders or outsiders, which indicates that the empirical approach used to evaluate the scheme's security is flawed. These results highlight the need of employing provable security approaches when designing and analyzing PAKE schemes. Copyright © 2011 John Wiley & Sons, Ltd.