Table of Contents Author Guidelines Submit a Manuscript
The Scientific World Journal
Volume 2014, Article ID 479534, 7 pages
http://dx.doi.org/10.1155/2014/479534
Research Article

On the Security of a Simple Three-Party Key Exchange Protocol without Server’s Public Keys

1Department of Computer Engineering, Konkuk University, 268 Chungwondaero, Chungju, Chungcheongbuk-do 380-701, Republic of Korea
2Information Assurance Research Group, Advanced Computing Research Centre, University of South Australia, Mawson Lakes, SA 5095, Australia
3Department of Computer Engineering, Sungkyunkwan University, 2066 Seobu-ro, Suwon, Gyeonggi-do 440-746, Republic of Korea

Received 19 June 2014; Accepted 16 July 2014; Published 1 September 2014

Academic Editor: Moonseong Kim

Copyright © 2014 Junghyun Nam et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Abstract

Authenticated key exchange protocols are of fundamental importance in securing communications and are now extensively deployed for use in various real-world network applications. In this work, we reveal major previously unpublished security vulnerabilities in the password-based authenticated three-party key exchange protocol according to Lee and Hwang (2010): (1) the Lee-Hwang protocol is susceptible to a man-in-the-middle attack and thus fails to achieve implicit key authentication; (2) the protocol cannot protect clients’ passwords against an offline dictionary attack; and (3) the indistinguishability-based security of the protocol can be easily broken even in the presence of a passive adversary. We also propose an improved password-based authenticated three-party key exchange protocol that addresses the security vulnerabilities identified in the Lee-Hwang protocol.