Skip to main content

Advertisement

SpringerLink
Log in

Secure verifier-based three-party password-authenticated key exchange

  • Published:
Peer-to-Peer Networking and Applications Aims and scope Submit manuscript

Abstract

In order to secure large-scale peer-to-peer communication system, Chien recently presented a three-party password authenticated key exchange protocol using verifiers to reduce the damages of server corruption. In this paper, we first show his protocol is still vulnerable to a partition attack (offline dictionary attack). Thereafter we propose an enhanced verifier-based protocol that can defeat the attacks described and yet is reasonably efficient. Furthermore, we can provide the rigorous proof of the security for it.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3

Similar content being viewed by others

References

  1. Bellovin S, Merritt M (1992) Encrypted key exchange: password-based protocols secure against dictionary attacks. In: Proc of IEEE symposium on security and privacyz. IEEE Computer Society Press, pp 72–84

  2. Kobara K, Imai H (2002) Pretty-simple password-authenticated key-exchange under standard assumptions. Trans IEICE E85-A(10):2229–2237

    Google Scholar 

  3. Bresson E, Chevassut O, Pointcheval D (2004) New security results on encrypted key exchange. In: Proc PKC 2004, LNCS 2947, pp 145–158

  4. Boyd C, Montague P, Nguyen K (2001) Elliptic curve based password authenticated key exchange protocols. In: Proc of 28th Australasian Conference on Information Security and Privacy—ACISP 2001, LNCS 2119, pp 487–501

  5. Abdalla M, Pointcheval D (2005) Simple password-based encrypted key exchange protocols. In: Proc of topics in cryptology—CT-RSA 2005, LNCS 3376, pp 191–208

  6. Abdalla M, Chevassut O, Pointcheval D (2005) One-time verifier-based encrypted key exchange. In: Proc of PKC ’05, LNCS 3386, pp 47–64

  7. Lee S, Kim H, Yoo K (2005) Efficient verifier-based key agreement for three parties without server’s public key. Appl Math Comput 167(2):96–1003

    Article  MathSciNet  Google Scholar 

  8. Lin C, Sun H, Steiner M, Hwang T (2001) Three-party encrypted key exchange without server’s public keys. IEEE Commun Lett 5(12):497–499

    Article  Google Scholar 

  9. Lee T, Hwang T, Lin C (2004) Enhanced three-party encrypted key exchange without server’s public keys. Comput Secur 23(7):571–577

    Article  Google Scholar 

  10. Lu R, Cao Z (2007) Simple three-party key exchange protocol. Comput Secur 26:94–97

    Article  Google Scholar 

  11. Abdalla M, Fouque P, Pointcheval D (2006) Password-based authenticated key exchange in the three-party setting. In: Proc of PKC’2005, LNCS 3386, pp 65–84 (Full version appeared in IEE Information Security 153(1):27–39)

  12. Abdalla M, Pointcheval D (2005) Interactive Diffie–Hellman assumptions with applications to password-based authentication. In: Proc of FC’2005, LNCS 3570, pp 341–356

  13. Kwon J, Jeong I, Sakurai K, Lee D (2007) Efficient verifierbased password-authenticated key exchange in the three-party setting. Comp Stand Inter 29:513–520

    Article  Google Scholar 

  14. Huang H (2009) A simple three-party password-based key exchange protocol. Int J Commun Syst 22(7):857–862

    Article  Google Scholar 

  15. Wu S, Chen K, Zhu Y (2013) Enhancements of a three-party password-based authenticated key exchange protocol. International Arab Journal of Information Technology, 10(3). IAJIT First Online Publication http://www.ccis2k.org/iajit/PDF/vol.10,no.3/2-2982.pdf

  16. Chien H, Wu T (2009) Provably secure password-based three-party key exchange with optimal message steps. Comput J 52(6):646–655

    Article  Google Scholar 

  17. Lee T, Hwang T (2010) Simple password-based three-party authenticated key exchange without server public keys. Inform Sci 180(9):1702–1714

    Article  MATH  Google Scholar 

  18. Chien H (2011) Secure verifier-based three-party key exchange in the random oracle model. J Inf Sci Eng 27(4):1487–1501

    MathSciNet  MATH  Google Scholar 

  19. Yoon E, Yoo K (2011) Cryptanalysis of a simple three-party password-based key exchange protocol. Int J Commun Syst 24(4):532–542

    Article  Google Scholar 

  20. Choo K, Boyd C, Hitchcock Y (2005) Examining indistinguishability-based proof models for key establishment protocols. In: Proc of ASIACRYPT’2005, LNCS 3788, pp 585–604

  21. Bellare M, Pointcheval D, Rogaway P (2000) Authenticated key exchange secure against dictionary attacks. In: Proc of EUROCRYPT’2000, LNCS 1807, pp 139–155

  22. Abdalla M, Bresson E, Chevassut O, Möller B, Pointcheval D (2006) Provably secure password-based authentication in TLS. In: Proc of AsiaCCS’06. ACM, pp 35–45

Download references

Acknowledgements

This work was supported in part by the National Natural Science Foundation of China (No. 61101112), China Postdoctoral Science Foundation (No. 2011M500775), and a sub-topic of the major research project of National Natural Science Foundation of China (No. 91024131).

Author information

Authors and Affiliations

  1. CIMS Research Center, Tongji Univerity, Shanghai, China

    Qiong Pu & Jian Wang

  2. State Key Laboratory of Information Security, Graduate University of Chinese Academy of Sciences, Beijing, China

    Shuhua Wu

  3. Department of Network Engineering, Information Engineering University, Zhengzhou, China

    Shuhua Wu & Ji Fu

Authors
  1. Qiong Pu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jian Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Shuhua Wu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Ji Fu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Qiong Pu.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Pu, Q., Wang, J., Wu, S. et al. Secure verifier-based three-party password-authenticated key exchange. Peer-to-Peer Netw. Appl. 6, 15–25 (2013). https://doi.org/10.1007/s12083-012-0125-y

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s12083-012-0125-y

Keywords

Search

Navigation