Abstract
The three-party password-based authenticated key exchange (3PAKE) protocol allows two users to share a session key for future communication with the help of a trusted server in the public network. Recently, Zhao et al. [Zhao J., Gu D., Zhang L., Security analysis and enhancement for three-party password-based authenticated key exchange protocol, Security Communication Networks 2012; 5(3):273-278] proposed an efficient 3PAKE protocol using smart cards. They proved that their protocol can withstand various known attacks found in the previously published schemes. However, in this paper, we point out that their protocol is vulnerable to three kinds of attacks namely, off-line password-guessing attack, privileged insider attack and stolen smart card attack. Hence, Zhao et al.’s scheme is not recommended for practical applications.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Lin, C.L., Sun, H.M., Steiner, M., Hwang, T.: Three‐party encrypted key exchange without server Public-keys. IEEE Communication Letters 5, 497–499 (2001)
Chang, C.C., Chang, Y.F.: A novel three-party encrypted key exchange protocol. Computer Standards and Interfaces 26, 471–476 (2004)
Lee, T.F., Hwang, T., Lin, C.L.: Enhanced three-party encrypted key exchange without server public keys. Computers & Security 23, 571–577 (2004)
Lee, S.W., Kim, H.S., Yoo, K.Y.: Efficient verifier-based key agreement protocol for three parties without server’s public key. Applied Mathematics and Computation 167, 996–1003 (2005)
Guo, H., Li, Z., Mu, Y., Zhang, X.: Cryptanalysis of simple three-party key exchange protocol. Computers & Security 27(1-2), 16–21 (2008)
Huang, H.: A simple three-party password-based key exchange protocol. International Journal of Communication Systems 22(7), 857–862 (2009)
Chen, T.H., Lee, W.B., Chen, H.B.: A round- and computation-efficient three-party authenticated key exchange protocol. The Journal of Systems and Software 81, 1581–1590 (2008)
Zhao, J., Gu, D., Zhang, L.: Security analysis and enhancement for three-party password-based authenticated key exchange protocol. Security & Communication Networks 5(3), 273–278 (2012)
Hsiang, H., Shiha, W.: Improvement of the secure dynamic ID based remote user authentication next term scheme for multi-server environment. Computer Standards & Interfaces 31(6), 1118–1123 (2009)
Kocher, P.C., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
Messerges, T., Dabbish, E., Sloan, R.: Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers 51(5), 541–552 (2002)
Zhian, Z.: An Efficient Authentication Scheme for Telecare Medicine Information Systems. Journal of Medical Systems, Springer (2012), doi: 10.1007/s10916-012-9856-9
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Khan, M.K., He, D. (2012). Weaknesses of “Security Analysis and Enhancement for Three-Party Password-Based Authenticated Key Exchange Protocol”. In: Xiang, Y., Pathan, M., Tao, X., Wang, H. (eds) Data and Knowledge Engineering. ICDKE 2012. Lecture Notes in Computer Science, vol 7696. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34679-8_22
Download citation
DOI: https://doi.org/10.1007/978-3-642-34679-8_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-34678-1
Online ISBN: 978-3-642-34679-8
eBook Packages: Computer ScienceComputer Science (R0)