1. An undetectable on-line password guessing attack on Nam et al.'s three-party key exchange protocol.
- Author
-
Lee, Cheng-Chi, Li, Chun-Ta, and Chang, Rui-Xiang
- Subjects
- *
COMPUTER passwords , *CYBERTERRORISM , *CRYPTOGRAPHY , *COMPUTER network protocols , *COMPUTER security , *COMPUTER networks , *COMPUTER access control - Abstract
Three-party key exchange protocol is one of the most essential cryptographic technique in the secure communication areas. In this protocol, two clients, each shares a human-memorable password, working with a trusted server, can agree a secure session key. Recently, Lu and Cao proposed a new simple three-party key exchange (S-3PAKE) protocol and claimed that it is not only very simple and efficient, but also can survive against various known attacks. However, Nam et al. pointed out that S-3PAKE is vulnerable to both off-line password guessing attack and undetectable on-line password guessing attack. Based on their finding, Nam et al. proposed an improved method to resolve this weakness. They further claimed that so far no off-line password guessing attack has been successful against their proposed protocol. In this paper, we demonstrate that Nam et al.'s improved protocol, unfortunately, is still vulnerable to an undetectable on-line password guessing attack. We therefore propose a simple and powerful method to address this issue. Which results in an improved three-party key exchange protocol that can protect against an undetectable on-line password guessing attack. [ABSTRACT FROM AUTHOR]
- Published
- 2013
- Full Text
- View/download PDF