Abstract
In order to secure large-scale peer-to-peer communication system, Chien recently presented a three-party password authenticated key exchange protocol using verifiers to reduce the damages of server corruption. In this paper, we first show his protocol is still vulnerable to a partition attack (offline dictionary attack). Thereafter we propose an enhanced verifier-based protocol that can defeat the attacks described and yet is reasonably efficient. Furthermore, we can provide the rigorous proof of the security for it.
Similar content being viewed by others
References
Bellovin S, Merritt M (1992) Encrypted key exchange: password-based protocols secure against dictionary attacks. In: Proc of IEEE symposium on security and privacyz. IEEE Computer Society Press, pp 72–84
Kobara K, Imai H (2002) Pretty-simple password-authenticated key-exchange under standard assumptions. Trans IEICE E85-A(10):2229–2237
Bresson E, Chevassut O, Pointcheval D (2004) New security results on encrypted key exchange. In: Proc PKC 2004, LNCS 2947, pp 145–158
Boyd C, Montague P, Nguyen K (2001) Elliptic curve based password authenticated key exchange protocols. In: Proc of 28th Australasian Conference on Information Security and Privacy—ACISP 2001, LNCS 2119, pp 487–501
Abdalla M, Pointcheval D (2005) Simple password-based encrypted key exchange protocols. In: Proc of topics in cryptology—CT-RSA 2005, LNCS 3376, pp 191–208
Abdalla M, Chevassut O, Pointcheval D (2005) One-time verifier-based encrypted key exchange. In: Proc of PKC ’05, LNCS 3386, pp 47–64
Lee S, Kim H, Yoo K (2005) Efficient verifier-based key agreement for three parties without server’s public key. Appl Math Comput 167(2):96–1003
Lin C, Sun H, Steiner M, Hwang T (2001) Three-party encrypted key exchange without server’s public keys. IEEE Commun Lett 5(12):497–499
Lee T, Hwang T, Lin C (2004) Enhanced three-party encrypted key exchange without server’s public keys. Comput Secur 23(7):571–577
Lu R, Cao Z (2007) Simple three-party key exchange protocol. Comput Secur 26:94–97
Abdalla M, Fouque P, Pointcheval D (2006) Password-based authenticated key exchange in the three-party setting. In: Proc of PKC’2005, LNCS 3386, pp 65–84 (Full version appeared in IEE Information Security 153(1):27–39)
Abdalla M, Pointcheval D (2005) Interactive Diffie–Hellman assumptions with applications to password-based authentication. In: Proc of FC’2005, LNCS 3570, pp 341–356
Kwon J, Jeong I, Sakurai K, Lee D (2007) Efficient verifierbased password-authenticated key exchange in the three-party setting. Comp Stand Inter 29:513–520
Huang H (2009) A simple three-party password-based key exchange protocol. Int J Commun Syst 22(7):857–862
Wu S, Chen K, Zhu Y (2013) Enhancements of a three-party password-based authenticated key exchange protocol. International Arab Journal of Information Technology, 10(3). IAJIT First Online Publication http://www.ccis2k.org/iajit/PDF/vol.10,no.3/2-2982.pdf
Chien H, Wu T (2009) Provably secure password-based three-party key exchange with optimal message steps. Comput J 52(6):646–655
Lee T, Hwang T (2010) Simple password-based three-party authenticated key exchange without server public keys. Inform Sci 180(9):1702–1714
Chien H (2011) Secure verifier-based three-party key exchange in the random oracle model. J Inf Sci Eng 27(4):1487–1501
Yoon E, Yoo K (2011) Cryptanalysis of a simple three-party password-based key exchange protocol. Int J Commun Syst 24(4):532–542
Choo K, Boyd C, Hitchcock Y (2005) Examining indistinguishability-based proof models for key establishment protocols. In: Proc of ASIACRYPT’2005, LNCS 3788, pp 585–604
Bellare M, Pointcheval D, Rogaway P (2000) Authenticated key exchange secure against dictionary attacks. In: Proc of EUROCRYPT’2000, LNCS 1807, pp 139–155
Abdalla M, Bresson E, Chevassut O, Möller B, Pointcheval D (2006) Provably secure password-based authentication in TLS. In: Proc of AsiaCCS’06. ACM, pp 35–45
Acknowledgements
This work was supported in part by the National Natural Science Foundation of China (No. 61101112), China Postdoctoral Science Foundation (No. 2011M500775), and a sub-topic of the major research project of National Natural Science Foundation of China (No. 91024131).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Pu, Q., Wang, J., Wu, S. et al. Secure verifier-based three-party password-authenticated key exchange. Peer-to-Peer Netw. Appl. 6, 15–25 (2013). https://doi.org/10.1007/s12083-012-0125-y
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12083-012-0125-y