On the Security of a Simple Three-Party Key Exchange Protocol without Server’s Public Keys
Authenticated key exchange protocols are of fundamental importance in securing communications and are now extensively deployed for use in various real-world network applications. In this work, we reveal major previously unpublished security vulnerabilities in the password-based authenticated three-p...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Wiley
2014-01-01
|
| Series: | The Scientific World Journal |
| Online Access: | http://dx.doi.org/10.1155/2014/479534 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1832548659989839872 |
|---|---|
| author | Junghyun Nam Kim-Kwang Raymond Choo Minkyu Park Juryon Paik Dongho Won |
| author_facet | Junghyun Nam Kim-Kwang Raymond Choo Minkyu Park Juryon Paik Dongho Won |
| author_sort | Junghyun Nam |
| collection | DOAJ |
| description | Authenticated key exchange protocols are of fundamental importance in securing communications and are now extensively deployed for use in various real-world network applications. In this work, we reveal major previously unpublished security vulnerabilities in the password-based authenticated three-party key exchange protocol according to Lee and Hwang (2010): (1) the Lee-Hwang protocol is susceptible to a man-in-the-middle attack and thus fails to achieve implicit key authentication; (2) the protocol cannot protect clients’ passwords against an offline dictionary attack; and (3) the indistinguishability-based security of the protocol can be easily broken even in the presence of a passive adversary. We also propose an improved password-based authenticated three-party key exchange protocol that addresses the security vulnerabilities identified in the Lee-Hwang protocol. |
| format | Article |
| id | doaj-art-203759d5fb324c0d814ec780f88c8ab8 |
| institution | Kabale University |
| issn | 2356-6140 1537-744X |
| language | English |
| publishDate | 2014-01-01 |
| publisher | Wiley |
| record_format | Article |
| series | The Scientific World Journal |
| spelling | doaj-art-203759d5fb324c0d814ec780f88c8ab82025-02-03T06:13:23ZengWileyThe Scientific World Journal2356-61401537-744X2014-01-01201410.1155/2014/479534479534On the Security of a Simple Three-Party Key Exchange Protocol without Server’s Public KeysJunghyun Nam0Kim-Kwang Raymond Choo1Minkyu Park2Juryon Paik3Dongho Won4Department of Computer Engineering, Konkuk University, 268 Chungwondaero, Chungju, Chungcheongbuk-do 380-701, Republic of KoreaInformation Assurance Research Group, Advanced Computing Research Centre, University of South Australia, Mawson Lakes, SA 5095, AustraliaDepartment of Computer Engineering, Konkuk University, 268 Chungwondaero, Chungju, Chungcheongbuk-do 380-701, Republic of KoreaDepartment of Computer Engineering, Sungkyunkwan University, 2066 Seobu-ro, Suwon, Gyeonggi-do 440-746, Republic of KoreaDepartment of Computer Engineering, Sungkyunkwan University, 2066 Seobu-ro, Suwon, Gyeonggi-do 440-746, Republic of KoreaAuthenticated key exchange protocols are of fundamental importance in securing communications and are now extensively deployed for use in various real-world network applications. In this work, we reveal major previously unpublished security vulnerabilities in the password-based authenticated three-party key exchange protocol according to Lee and Hwang (2010): (1) the Lee-Hwang protocol is susceptible to a man-in-the-middle attack and thus fails to achieve implicit key authentication; (2) the protocol cannot protect clients’ passwords against an offline dictionary attack; and (3) the indistinguishability-based security of the protocol can be easily broken even in the presence of a passive adversary. We also propose an improved password-based authenticated three-party key exchange protocol that addresses the security vulnerabilities identified in the Lee-Hwang protocol.http://dx.doi.org/10.1155/2014/479534 |
| spellingShingle | Junghyun Nam Kim-Kwang Raymond Choo Minkyu Park Juryon Paik Dongho Won On the Security of a Simple Three-Party Key Exchange Protocol without Server’s Public Keys The Scientific World Journal |
| title | On the Security of a Simple Three-Party Key Exchange Protocol without Server’s Public Keys |
| title_full | On the Security of a Simple Three-Party Key Exchange Protocol without Server’s Public Keys |
| title_fullStr | On the Security of a Simple Three-Party Key Exchange Protocol without Server’s Public Keys |
| title_full_unstemmed | On the Security of a Simple Three-Party Key Exchange Protocol without Server’s Public Keys |
| title_short | On the Security of a Simple Three-Party Key Exchange Protocol without Server’s Public Keys |
| title_sort | on the security of a simple three party key exchange protocol without server s public keys |
| url | http://dx.doi.org/10.1155/2014/479534 |
| work_keys_str_mv | AT junghyunnam onthesecurityofasimplethreepartykeyexchangeprotocolwithoutserverspublickeys AT kimkwangraymondchoo onthesecurityofasimplethreepartykeyexchangeprotocolwithoutserverspublickeys AT minkyupark onthesecurityofasimplethreepartykeyexchangeprotocolwithoutserverspublickeys AT juryonpaik onthesecurityofasimplethreepartykeyexchangeprotocolwithoutserverspublickeys AT donghowon onthesecurityofasimplethreepartykeyexchangeprotocolwithoutserverspublickeys |