Efficient three-party key exchange protocols with round efficiency

Taek Young Youn; Eun Sook Kang; Changhoon Lee

doi:10.1007/s11235-011-9649-3

Efficient three-party key exchange protocols with round efficiency

Taek Young Youn
, Eun Sook Kang
, Changhoon Lee

Dept. of Computer Science and Engineering

Research output: Contribution to journal › Article › peer-review

15 Scopus citations

Abstract

Recently, Guo et al. discovered some security flaws of the simple three-party key exchange protocol proposed by Lu and Cao, and proposed an improved protocol. Independently, Chung and Ku also showed some weaknesses of Lu and Cao's protocol, and provided an improved protocol. In this paper, we review some insecurity of Lu and Cao's protocol and analyze two improved protocols proposed by Guo et al. and Chung and Ku. Then we show that the protocols are still insecure. They are vulnerable to an adversary who performs an off-line password guessing attack. We provide a countermeasure by performing detailed analysis on the security flaws in two improved protocols. We also propose a secure three-party password-authenticated key exchange protocol which requires three rounds.

Original language	English
Pages (from-to)	1367-1376
Number of pages	10
Journal	Telecommunication Systems
Volume	52
Issue number	2
DOIs	https://doi.org/10.1007/s11235-011-9649-3
State	Published - Feb 2013

Keywords

Cryptanalysis
Key exchange
Password
Password guessing attack
Three-party setting

Access to Document

10.1007/s11235-011-9649-3

Cite this

@article{af863b348e5c4f248166df1e5fd41354,

title = "Efficient three-party key exchange protocols with round efficiency",

abstract = "Recently, Guo et al. discovered some security flaws of the simple three-party key exchange protocol proposed by Lu and Cao, and proposed an improved protocol. Independently, Chung and Ku also showed some weaknesses of Lu and Cao's protocol, and provided an improved protocol. In this paper, we review some insecurity of Lu and Cao's protocol and analyze two improved protocols proposed by Guo et al. and Chung and Ku. Then we show that the protocols are still insecure. They are vulnerable to an adversary who performs an off-line password guessing attack. We provide a countermeasure by performing detailed analysis on the security flaws in two improved protocols. We also propose a secure three-party password-authenticated key exchange protocol which requires three rounds.",

keywords = "Cryptanalysis, Key exchange, Password, Password guessing attack, Three-party setting",

author = "Youn, \{Taek Young\} and Kang, \{Eun Sook\} and Changhoon Lee",

year = "2013",

month = feb,

doi = "10.1007/s11235-011-9649-3",

language = "English",

volume = "52",

pages = "1367--1376",

journal = "Telecommunication Systems",

issn = "1018-4864",

number = "2",

}

TY - JOUR

T1 - Efficient three-party key exchange protocols with round efficiency

AU - Youn, Taek Young

AU - Kang, Eun Sook

AU - Lee, Changhoon

PY - 2013/2

Y1 - 2013/2

N2 - Recently, Guo et al. discovered some security flaws of the simple three-party key exchange protocol proposed by Lu and Cao, and proposed an improved protocol. Independently, Chung and Ku also showed some weaknesses of Lu and Cao's protocol, and provided an improved protocol. In this paper, we review some insecurity of Lu and Cao's protocol and analyze two improved protocols proposed by Guo et al. and Chung and Ku. Then we show that the protocols are still insecure. They are vulnerable to an adversary who performs an off-line password guessing attack. We provide a countermeasure by performing detailed analysis on the security flaws in two improved protocols. We also propose a secure three-party password-authenticated key exchange protocol which requires three rounds.

AB - Recently, Guo et al. discovered some security flaws of the simple three-party key exchange protocol proposed by Lu and Cao, and proposed an improved protocol. Independently, Chung and Ku also showed some weaknesses of Lu and Cao's protocol, and provided an improved protocol. In this paper, we review some insecurity of Lu and Cao's protocol and analyze two improved protocols proposed by Guo et al. and Chung and Ku. Then we show that the protocols are still insecure. They are vulnerable to an adversary who performs an off-line password guessing attack. We provide a countermeasure by performing detailed analysis on the security flaws in two improved protocols. We also propose a secure three-party password-authenticated key exchange protocol which requires three rounds.

KW - Cryptanalysis

KW - Key exchange

KW - Password

KW - Password guessing attack

KW - Three-party setting

UR - https://www.scopus.com/pages/publications/84879602205

U2 - 10.1007/s11235-011-9649-3

DO - 10.1007/s11235-011-9649-3

M3 - Article

AN - SCOPUS:84879602205

SN - 1018-4864

VL - 52

SP - 1367

EP - 1376

JO - Telecommunication Systems

JF - Telecommunication Systems

IS - 2

ER -

Efficient three-party key exchange protocols with round efficiency

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this