Skip to main content
SpringerLink
Log in

Simple three-party password authenticated key exchange protocol

  • Published:
Journal of Shanghai Jiaotong University (Science) Aims and scope Submit manuscript

Abstract

Three-party password authenticated key exchange (3PAKE) protocol plays a significant role in the history of secure communication area in which two clients agree a robust session key in an authentic manner based on passwords. In recent years, researchers focused on developing simple 3PAKE (S-3PAKE) protocol to gain system efficiency while preserving security robustness for the system. In this study, we first demonstrate how an undetectable on-line dictionary attack can be successfully applied over three existing S-3PAKE schemes. An error correction code (ECC) based S-3PAKE protocol is then introduced to eliminate the identified authentication weakness.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Lu R X, Cao Z F. Simple three-party key exchange protocol [J]. Computers and Security, 2007, 26(1): 94–97.

    Article  Google Scholar 

  2. Chung H R, Ku W C. Three weaknesses in a simple three-party key exchange protocol [J]. Information Sciences, 2008, 178(1): 220–229.

    Article  MathSciNet  MATH  Google Scholar 

  3. Guo H, Li Z J, Mu Y, et al. Cryptanalysis of simple three-party key exchange protocol [J]. Computers and Security, 2008, 27(1–2): 16–21.

    Article  Google Scholar 

  4. Nam J Y, Paik J Y, Kang H K, et al. An off-line dictionary attack on a simple three-party key exchange protocol [J]. IEEE Communications Letters, 2009, 13(3): 205–207.

    Article  Google Scholar 

  5. Phan R C-W, Yau W C, Goi B M. Cryptanalysis of simple three-party key exchange protocol (S-3PAKE) [J]. Information Sciences, 2008, 178(13): 2849–2856.

    Article  MathSciNet  MATH  Google Scholar 

  6. Ding Y, Horster P. Undetectable on-line password guessing attacks [J]. ACM SIGOPS Operating Systems Review, 1995, 29(4): 77–86.

    Article  Google Scholar 

  7. Chien Hung-yu, Laih Chi-sung. ECC-based lightweight authentication protocol with untraceability for low-cost RFID [J]. Journal of Parallel and Distributed Computing, 2009, 69(10): 848–853.

    Article  Google Scholar 

  8. Lin S, Costello D J. Error control coding: Fundamentals and applications [M]. New Jersey: Prentice-Hall Press, 1983.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Information Management, National Taiwan University of Science and Technology, Taipei, 10607, Taiwan

    Nai-wei Lo  (罗乃维)

  2. Department of Information Management, Chinese Culture University, Taipei, 11114, Taiwan

    Kuo-hui Yeh  (叶国晖)

Authors
  1. Nai-wei Lo  (罗乃维)
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Kuo-hui Yeh  (叶国晖)
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Nai-wei Lo  (罗乃维).

Additional information

Foundation item: the National Science Council (Nos. NSC 99-2218-E-011-014 and NSC 100-2219-E-011-002)

Rights and permissions

Reprints and permissions

About this article

Cite this article

Lo, Nw., Yeh, Kh. Simple three-party password authenticated key exchange protocol. J. Shanghai Jiaotong Univ. (Sci.) 16, 600–603 (2011). https://doi.org/10.1007/s12204-011-1195-3

Download citation

  • Received:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s12204-011-1195-3

Key words

CLC number

Search

Navigation