Institutional Repository
| finding and fixing vulnerabilities in several three-party password authenticated key exchange protocols without server public keys | |
| Xiong Hu; Chen Yanan; Guan Zhi; Chen Zhong | |
| 2013 | |
| Source | Information Sciences
 |
| ISSN | 0020-0255 |
| Pages | - |
| English Abstract | Three-party password-based authenticated key exchange (3PAKE) protocols allow two users (clients) to establish a session key with the support from an authenticated server over an insecure channel. Several 3PAKE protocols, which do not require server public keys, have been proposed recently. In this paper, we use Chang et al.'s protocol as a case study and demonstrate that all of the 3PAKE protocols without server public keys are not secure against Key Compromise Impersonation (KCI) attack. A detailed analysis of flaw in these protocols has been conducted and we hope that by identifying this design flaw, similar structural mistakes can be avoided in future designs. Furthermore, we propose an improved protocol that remedies the weakness of these protocols and prove its security in a widely accepted model. © 2013 Elsevier Inc. All rights reserved.; Three-party password-based authenticated key exchange (3PAKE) protocols allow two users (clients) to establish a session key with the support from an authenticated server over an insecure channel. Several 3PAKE protocols, which do not require server public keys, have been proposed recently. In this paper, we use Chang et al.'s protocol as a case study and demonstrate that all of the 3PAKE protocols without server public keys are not secure against Key Compromise Impersonation (KCI) attack. A detailed analysis of flaw in these protocols has been conducted and we hope that by identifying this design flaw, similar structural mistakes can be avoided in future designs. Furthermore, we propose an improved protocol that remedies the weakness of these protocols and prove its security in a widely accepted model. © 2013 Elsevier Inc. All rights reserved. |
| Indexed Type | EI |
| Keyword | Artificial Intelligence Software Engineering |
| Department | (1) School of Computer Science and Engineering The University of Electronic Science and Technology of China Chengdu PR China; (2) State Key Laboratory of Rail Traffic Control and Safety Beijing Jiao Tong University Beijing PR China; (3) Institute of Software School of Electronics Engineering and Computer Science Peking University Beijing PR China; (4) State Key Laboratory of Information Security Institute of Software Chinese Academy of Sciences Beijing PR China |
| Language | 英语 |
| WOS ID | WOS:000317887100023 |
| Citation statistics | |
| Content Type | 期刊论文 |
| URI | http://ir.iscas.ac.cn/handle/311060/15214 |
| Collection | 中国科学院软件研究所 |
| Recommended Citation GB/T 7714 | Xiong Hu,Chen Yanan,Guan Zhi,et al. finding and fixing vulnerabilities in several three-party password authenticated key exchange protocols without server public keys[J]. Information Sciences,2013:-. |
| APA | Xiong Hu,Chen Yanan,Guan Zhi,&Chen Zhong.(2013).finding and fixing vulnerabilities in several three-party password authenticated key exchange protocols without server public keys.Information Sciences,-. |
| MLA | Xiong Hu,et al."finding and fixing vulnerabilities in several three-party password authenticated key exchange protocols without server public keys".Information Sciences (2013):-. |
| Files in This Item: | There are no files associated with this item. | |||||
Items in the repository are protected by copyright, with all rights reserved, unless otherwise indicated.
Edit Comment