
Security analysis and enhancement for three‐party password‐based authenticated key exchange protocol
Author(s) - Zhao Jianjie, Gu Dawu, Zhang Lei
Publication year - 2012
Publication title - Security and Communication Networks
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.446
H-Index - 43
eISSN - 1939-0122
pISSN - 1939-0114
DOI - 10.1002/sec.316
Subject(s) - computer science, password, protocol (science), dictionary attack, computer security, authenticated key exchange, key exchange, computer network, oakley protocol, man in the middle attack, key (lock), public key cryptography, encryption, medicine, alternative medicine, pathology
Recently, Tzung‐Her Chen, Wei‐Bin Lee, and Hsing‐Bai Chen (CLC) proposed a new three‐party password‐based authenticated key exchange (3PAKE) protocol. The CLC protocol need not store a security‐sensitive table on the server side, which reduces the danger of the server being compromised; it also has advantages in terms of round efficiency and computational cost. However, we find that the leakage of the values V_A and V_B in the CLC protocol makes a man‐in‐the‐middle attack feasible in practice. On the basis of this finding, we present a modified 3PAKE protocol called the I‐CLC protocol, which is essentially an improved CLC protocol. I‐CLC can resist the available attacks, including the man‐in‐the‐middle attack on the initial CLC protocol that we describe. In addition, the new protocol allows the participants to choose their own passwords, and the computation cost of I‐CLC is lower than that of the CLC protocol. Copyright © 2011 John Wiley & Sons, Ltd.