Back to Search
Start Over
Security weakness in a three-party pairing-based protocol for password authenticated key exchange
- Source :
-
Information Sciences . Mar2007, Vol. 177 Issue 6, p1364-1375. 12p. - Publication Year :
- 2007
-
Abstract
- Abstract: Authentication and key exchange are fundamental for establishing secure communication channels over public insecure networks. Password-based protocols for authenticated key exchange are designed to work even when user authentication is done via the use of passwords drawn from a small known set of values. Recently, Wen et al. (H.-A. Wen, T.-F. Lee, T. Hwang, Provably secure three-party password-based authenticated key exchange protocol using Weil pairing, IEE Proceedings—Communications 152 (2) (2005) 138–143) proposed a new protocol for password-based authenticated key exchange in the three-party setting, where the clients trying to establish a common secret key do not share a password between themselves but only with a trusted server. Wen et al.’s protocol carries a claimed proof of security in a formal model of communication and adversarial capabilities. However, this work shows that the protocol for three-party key exchange is completely insecure and the claim of provable security is seriously incorrect. We conduct a detailed analysis of flaws in the protocol and its security proof, in the hope that no similar mistakes are made in the future. [Copyright &y& Elsevier]
- Subjects :
- *COMPUTER network protocols
*COMPUTER passwords
*COMMUNICATION
*COMPUTER security
Subjects
Details
- Language :
- English
- ISSN :
- 00200255
- Volume :
- 177
- Issue :
- 6
- Database :
- Academic Search Index
- Journal :
- Information Sciences
- Publication Type :
- Periodical
- Accession number :
- 23604720
- Full Text :
- https://doi.org/10.1016/j.ins.2006.09.001