Abstract
Three-party password authenticated key exchange (3PAKE) protocols play a significant role in the history of secure communication: they let two clients agree on a robust session key in an authentic manner based on passwords. In recent years, researchers have focused on developing simple 3PAKE (S-3PAKE) protocols to gain system efficiency while preserving security robustness. In this study, we first demonstrate how an undetectable on-line dictionary attack can be successfully applied to three existing S-3PAKE schemes. An error correction code (ECC) based S-3PAKE protocol is then introduced to eliminate the identified authentication weakness.
Additional information
Foundation item: the National Science Council (Nos. NSC 99-2218-E-011-014 and NSC 100-2219-E-011-002)
Cite this article
Lo, Nw., Yeh, Kh. Simple three-party password authenticated key exchange protocol. J. Shanghai Jiaotong Univ. (Sci.) 16, 600–603 (2011). https://doi.org/10.1007/s12204-011-1195-3
DOI: https://doi.org/10.1007/s12204-011-1195-3
Key words
- authentication
- cryptanalysis
- error correction code (ECC)
- simple three-party password authenticated key exchange (S-3PAKE)
- security
- undetectable on-line dictionary attack