Skip to main content
SpringerLink
Log in

Cryptanalysis of Lo et al.’s Password Based Authentication Scheme

  • Conference paper
  • First Online:
Computer Networks & Communications (NetCom)

Part of the book series: Lecture Notes in Electrical Engineering ((LNEE,volume 131))

  • 1726 Accesses

Abstract

A key exchange protocol allows more than two parties to communicate over the insecure channel to establish common shared secret key called session key. Due to the significance of this notion to establish secure communication among parties, in literature there have been numerous approach have been proposed and analyzed based on their merits and de-merits. Recently, Lo et al. proposed a 3-party Password based Authenticated Key Exchange protocol in which two or more users equipped with pre-shared secrets to the server and can able to generate the session key with the help of the server. They claimed that their approach is resist against any known attacks. However, we observe that their protocol is not secure against against off-line password guessing attack, long term secret compromise attack as well as compromise of previous session can lead to compromise all involving users for future communication. Therefore, in this this paper first we have analyzed these attacks and suggest the improve scheme that overcomes these attacks.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 299.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 379.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 379.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Bellovin SM, Merritt M (1992) Encrypted key exchange: password-based protocols secure against dictionary attacks. In: IEEE symposium on security and privacy, pp 72–84, IEEE Computer Society Press

    Google Scholar 

  2. Abdalla M, Pointcheval D (2005) Simple password-based encrypted key exchange protocols. In: Menezes A (ed) CT-RSA 2005. LNCS, vol 3376. Springer, Heidelberg, pp 191–208

    Google Scholar 

  3. Bellare M, Pointcheval D, Rogaway P (2000) Authenticated key exchange secure against dictionary attacks. In: Preneel B (ed) EUROCRYPT 2000. LNCS, vol 1807. Springer, Heidelberg, pp 139–155

    Google Scholar 

  4. Abdalla M, Chevalier C, Pointcheval D (2009) Smooth projective hashing for conditionally extractable commitments. In: Halevi S (ed) CRYPTO 2009. LNCS, vol 5677. Springer, Heidelberg, pp 671–689

    Google Scholar 

  5. Boyko V, MacKenzie PD, Patel S (2000) Provably secure password-authenticated key exchange using Diffie-Hellman. In: Preneel B (ed) EUROCRYPT 2000. LNCS, vol 1807. Springer, Heidelberg, pp 156–171

    Google Scholar 

  6. Bresson E, Chevassut O, Pointcheval D () Security proofs for an efficient password-based key exchange. In: Jajodia S, Atluri V, Jaeger T (eds) Proceedings of the 10th conference on computer and communications security (ACM CCS 2003), ACM Press, pp 241–250

    Google Scholar 

  7. Bresson E, Chevassut O, Pointcheval D (2004) New security results on encrypted key exchange. In: Bao F, Deng R, Zhou J (eds) PKC 2004. LNCS, vol 2947. Springer, Heidelberg, pp 145–158

    Google Scholar 

  8. Canetti R, Halevi S, Katz J, Lindell Y, MacKenzie P (2005) Universally composable password-based key exchange. In: Cramer R (ed) EUROCRYPT 2005. LNCS, vol 3494. Springer, Heidelberg, pp 404–421

    Google Scholar 

  9. Gennaro R (2008) Faster and shorter password-authenticated key exchange. In: Canetti R (ed) TCC 2008. LNCS, vol 4948. Springer, Heidelberg, pp 589–606

    Google Scholar 

  10. Gennaro R, Lindell Y (2003) A framework for password-based authenticated key exchange. In: Biham E (ed) EUROCRYPT 2003. LNCS, vol 2656. Springer, Heidelberg, pp 524–543

    Google Scholar 

  11. Katz J, Ostrovsky R, Yung M (2001) Efficient password-authenticated key exchange using human-memorable passwords. In: Pfitzmann B (ed) EUROCRYPT 2001. LNCS, vol 2045. Springer, Heidelberg, pp 475–494

    Google Scholar 

  12. Katz J, Vaikuntanathan V (2009) Smooth projective hashing and password-based authenticated key exchange from lattices. In: Matsui M (ed) ASIACRYPT 2009. LNCS, vol 5912. Springer, Heidelberg, pp 636–652

    Google Scholar 

  13. Katz J, Vaikuntanathan V (2011) Round-optimal password-based authenticated key exchange. In: Ishai Y (ed) TCC 2011. LNCS, vol 6597. Springer, Heidelberg, pp 293–310

    Google Scholar 

  14. Pointcheval D (2012) Exchange password-based authenticated key. PUBLIC KEY CRYPTOGRAPHY - PKC-2012, Lecture notes in computer science, vol 7293. pp 390–397, doi:10.1007/978-3-642-30057-8_23

    Google Scholar 

  15. Kobara K, Imai H (2002) Pretty-simple password authenticated key-exchange under standard assumptions. IEICE Trans E85-A(10):2229–2237

    Google Scholar 

  16. Bresson E, Chevassut O, Pointcheval D (2004) New security results on encrypted key exchange. In: Proceedings of PKC 2004, LNCS, vol 2947, pp 145–158

    Google Scholar 

  17. Boyd C, Montague P, Nguyen K (2001) Elliptic curve based password authenticated key exchange protocols. In: Proceedings of 28th australasian conference on information security and privacy—ACISP 2001, LNCS, vol. 2119, pp 487–501

    Google Scholar 

  18. Abdalla M, Pointcheval D (2005) Simple password-based encrypted key exchange protocols. In: Proceedings of topics in cryptology—CT-RSA 2005. LNCS, vol. 3376, pp 191–208

    Google Scholar 

  19. Abdalla M, Chevassut O, Pointcheval D (2005) One-time verifier-based encrypted key exchange. In: Proceedings of PKC ’05, LNCS, vol. 3386 pp 47–64

    Google Scholar 

  20. K. Kobara, H. Imai (2002) Pretty-simple passwordauthenticated key exchange under standard assumptions. IEICE Trans E85-A(10):2229–2237

    Google Scholar 

  21. Bellare M, Pointcheval D, Rogaway P (2000) Authenticated key exchange secure against dictionary attacks. In: Proceedings of the advances in cryptology (EUROCRYPT’2000), Springer, Berlin, pp 139–155

    Google Scholar 

  22. Bresson E, Chevassut O, Pointcheval D (2004) New security results on encrypted key exchange. In: Proceedings of PKC 2004, LNCS, vol 2947. Springer, Heidelberg, pp 145–158

    Google Scholar 

  23. Abdalla M, Pointcheval D (2005) Simple password-based encrypted key exchange protocols. In: Proceedings of topics in cryptology—CT-RSA 2005, LNCS, vol 3376. Springer, Heidelberg, pp 191–208

    Google Scholar 

  24. Abdalla M, Chevassut O, Pointcheval D (2005) One-time verifier-based encrypted key exchange. Proceedings of PKC ’05, LNCS, vol 3386. Springer, Heidelberg, pp 47–64

    Google Scholar 

  25. Ding Y, Horster P (1995) Undetectable on-line password guessing attacks. ACM Oper Syst Rev 29(4):77–86

    Google Scholar 

  26. Lin CL, Sun HM, Hwang T (2000) Three party-encrypted key exchange: attacks and a solution. ACM Oper Syst Rev 34(4):12–20

    Google Scholar 

  27. Lee TF, Hwang T, Lin CL (2004) Enhanced three-party encrypted key exchange without server public keys. Comput Secur 23(7):571–577

    Google Scholar 

  28. Wen HA, Lee TF, Hwang T (2005) Provably secure three-party password-based authenticated key exchange protocol using Weil pairing. IEE Proc Commun 152(2):138–143

    Google Scholar 

  29. Nam J, Lee Y, Kim S, Won D (2007) Security weakness in a three-party pairing-based protocol for password authenticated key exchange. Inf Sci 177(6):1364–1375

    Google Scholar 

  30. Yeh HT, Sun HM (2004) Password-based user authentication and key distribution protocols for client-server applications. J Syst Softw 72(1):97–103

    Google Scholar 

  31. Yoon E-J, Yoo K-Y (2012) Cryptanalysis of an efficient three-party password-based key exchange scheme, In: Procedia Engineering, vol 29, pp 3972–3979, ISSN 1877–7058, doi:10.1016/j.proeng.2012.01.604

  32. Steiner M, Tsudik G, Waidner M (1995) Refinement and extension of encrypted key exchange. ACM Oper Syst Rev 29:22–30

    Google Scholar 

  33. Lin CL, Sun HM, Hwang T (2000) Three-party encrypted key exchange: attacks and a solution. ACM Oper Syst Rev 34:12–20

    Google Scholar 

  34. Chang CC, Chang YF (2004) A novel three-party encrypted key exchange protocol. Comput Stand Interfaces 26(5):472–476

    Google Scholar 

  35. Lee TF, Hwang T, Lin CL (2004) Enhanced three-party encrypted key exchange without server public keys. Comput Secur 23(7):571–577

    Google Scholar 

  36. Lee SW, Kim HS, Yoo KY (2005) E?cient verifier-based key agreement protocol for three parties without server’s public key. Appl Math Comput 167(2):996–1003

    Google Scholar 

  37. Sun HM, Chen BC, Hwang T (2005) Secure key agreement protocols for three-party against guessing attacks. J Syst Softw 75:63–68

    Google Scholar 

  38. Lu RX, Cao ZF (2007) Simple three-party key exchange protocol. Comput Secur 26:94–97

    Google Scholar 

  39. Yoon EJ, Yoo KY (2008) Improving the novel three-party encrypted key exchange protocol. Comput Stand Interfaces 30(5):309–314

    Google Scholar 

  40. Phan RCW, Yau WC, Goi BM (2008) Cryptanalysis of simple three-party key exchange protocol (S-3PAKE). Inf Sci 178:2849–2856

    Google Scholar 

  41. Guo H, Li Z (2008) Cryptanalysis of simple three-party key exchange protocol. Comput Secur 27:16–21

    Google Scholar 

  42. Kim HS, Choi JY (2009) Enhanced password-based simple three-party key exchange protocol. Comput Electr Eng 35:107–114

    Google Scholar 

  43. Huang HF (2009) A simple three-party password-based key exchange protocol. Int J Commun Syst 22:857–862

    Google Scholar 

  44. Yang JH, Chang CC (2009) An e?cient three-party authenticated key exchange protocol using elliptic curve cryptography for mobile-commerce environments. J Syst Softw 82(9):1497–1502

    Google Scholar 

  45. Ding Y, Horster P (1995) Undetectable on-line password guessing attacks. ACM Oper Syst Rev 29(4):77–86

    Google Scholar 

  46. Lo NW, Yeh K-H (2010) A practical three-party authenticated key exchange protocol. Int J Innovative Comput Inf Control 6(6):2469–2483

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. National Institute of Technology, Surat, India

    Nishant Doshi

  2. S N P I T & R C, Vidyabharti Campus, Umrakh, India

    Bhavesh Patel

Authors
  1. Nishant Doshi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Bhavesh Patel
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Nishant Doshi .

Editor information

Editors and Affiliations

  1. Department of Computer Science & Eng., University of Calcutta, Calcutta, 700 073, India

    Nabendu Chaki

  2. , Department of Computer Science, Jackson State University, John R. Lynch Street 1400, Jackson, 39217, USA

    Natarajan Meghanathan

  3. Wireilla Net Solutions PTY Ltd, Merlow Street 10, Albion, 3020, Victoria, Australia

    Dhinaharan Nagamalai

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer Science+Business Media New York

About this paper

Cite this paper

Doshi, N., Patel, B. (2013). Cryptanalysis of Lo et al.’s Password Based Authentication Scheme. In: Chaki, N., Meghanathan, N., Nagamalai, D. (eds) Computer Networks & Communications (NetCom). Lecture Notes in Electrical Engineering, vol 131. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-6154-8_44

Download citation

  • DOI: https://doi.org/10.1007/978-1-4614-6154-8_44

  • Published:

  • Publisher Name: Springer, New York, NY

  • Print ISBN: 978-1-4614-6153-1

  • Online ISBN: 978-1-4614-6154-8

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation