中国科学院软件研究所机构知识库
Advanced  
ISCAS OpenIR  > 软件所图书馆  > 期刊论文
Title:
finding and fixing vulnerabilities in several three-party password authenticated key exchange protocols without server public keys
Author: Xiong Hu ; Chen Yanan ; Guan Zhi ; Chen Zhong
Keyword: Artificial intelligence ; Software engineering
Source: Information Sciences
Issued Date: 2013
Pages: -
Indexed Type: EI
Department: (1) School of Computer Science and Engineering The University of Electronic Science and Technology of China Chengdu PR China; (2) State Key Laboratory of Rail Traffic Control and Safety Beijing Jiao Tong University Beijing PR China; (3) Institute of Software School of Electronics Engineering and Computer Science Peking University Beijing PR China; (4) State Key Laboratory of Information Security Institute of Software Chinese Academy of Sciences Beijing PR China
Abstract: Three-party password-based authenticated key exchange (3PAKE) protocols allow two users (clients) to establish a session key with the support from an authenticated server over an insecure channel. Several 3PAKE protocols, which do not require server public keys, have been proposed recently. In this paper, we use Chang et al.'s protocol as a case study and demonstrate that all of the 3PAKE protocols without server public keys are not secure against Key Compromise Impersonation (KCI) attack. A detailed analysis of flaw in these protocols has been conducted and we hope that by identifying this design flaw, similar structural mistakes can be avoided in future designs. Furthermore, we propose an improved protocol that remedies the weakness of these protocols and prove its security in a widely accepted model. © 2013 Elsevier Inc. All rights reserved.
English Abstract: Three-party password-based authenticated key exchange (3PAKE) protocols allow two users (clients) to establish a session key with the support from an authenticated server over an insecure channel. Several 3PAKE protocols, which do not require server public keys, have been proposed recently. In this paper, we use Chang et al.'s protocol as a case study and demonstrate that all of the 3PAKE protocols without server public keys are not secure against Key Compromise Impersonation (KCI) attack. A detailed analysis of flaw in these protocols has been conducted and we hope that by identifying this design flaw, similar structural mistakes can be avoided in future designs. Furthermore, we propose an improved protocol that remedies the weakness of these protocols and prove its security in a widely accepted model. © 2013 Elsevier Inc. All rights reserved.
Language: 英语
WOS ID: WOS:000317887100023
Citation statistics:
Content Type: 期刊论文
URI: http://ir.iscas.ac.cn/handle/311060/15214
Appears in Collections:软件所图书馆_期刊论文

Files in This Item:

There are no files associated with this item.


Recommended Citation:
Xiong Hu,Chen Yanan,Guan Zhi,et al. finding and fixing vulnerabilities in several three-party password authenticated key exchange protocols without server public keys[J]. Information Sciences,2013-01-01:-.
Service
Recommend this item
Sava as my favorate item
Show this item's statistics
Export Endnote File
Google Scholar
Similar articles in Google Scholar
[Xiong Hu]'s Articles
[Chen Yanan]'s Articles
[Guan Zhi]'s Articles
CSDL cross search
Similar articles in CSDL Cross Search
[Xiong Hu]‘s Articles
[Chen Yanan]‘s Articles
[Guan Zhi]‘s Articles
Related Copyright Policies
Null
Social Bookmarking
Add to CiteULike Add to Connotea Add to Del.icio.us Add to Digg Add to Reddit
所有评论 (0)
暂无评论
 
评注功能仅针对注册用户开放,请您登录
您对该条目有什么异议,请填写以下表单,管理员会尽快联系您。
内 容:
Email:  *
单位:
验证码:   刷新
您在IR的使用过程中有什么好的想法或者建议可以反馈给我们。
标 题:
 *
内 容:
Email:  *
验证码:   刷新

Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.

 

 

Valid XHTML 1.0!
Copyright © 2007-2020  中国科学院软件研究所 - Feedback
Powered by CSpace