Table of Contents Author Guidelines Submit a Manuscript
The Scientific World Journal
Volume 2014, Article ID 802359, 15 pages
http://dx.doi.org/10.1155/2014/802359
Research Article

Password-Only Authenticated Three-Party Key Exchange Proven Secure against Insider Dictionary Attacks

1Department of Computer Engineering, Konkuk University, 268 Chungwondaero, Chungcheongbukdo, Chungju 380-701, Republic of Korea
2Information Assurance Research Group, Advanced Computing Research Centre, University of South Australia, Mawson Lakes, SA 5095, Australia
3Department of Computer Engineering, Sungkyunkwan University, 2066 Seoburo, Gyeonggido, Suwon 440-746, Republic of Korea

Received 24 July 2014; Accepted 7 August 2014; Published 18 September 2014

Academic Editor: Jehwan Oh

Copyright © 2014 Junghyun Nam et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Linked References

  1. W. Wang and L. Hu, “Efficient and provably secure generic construction of three-party password-based authenticated key exchange protocols,” in Progress in Cryptology—INDOCRYPT 2006, vol. 4329 of Lecture Notes in Computer Science, pp. 118–132, Springer, Berlin, Germany, 2006. View at Google Scholar
  2. H. Guo, Z. Li, Y. Mu, and X. Zhang, “Cryptanalysis of simple three-party key exchange protocol,” Computers and Security, vol. 27, no. 1-2, pp. 16–21, 2008. View at Publisher · View at Google Scholar · View at Scopus
  3. J. Nam, J. Paik, H. Kang, U. M. Kim, and D. Won, “An off-line dictionary attack on a simple three-party key exchange protocol,” IEEE Communications Letters, vol. 13, no. 3, pp. 205–207, 2009. View at Publisher · View at Google Scholar · View at Scopus
  4. E. Yoon and K. Yoo, “Cryptanalysis of a simple three-party password-based key exchange protocol,” International Journal of Communication Systems, vol. 24, no. 4, pp. 532–542, 2011. View at Publisher · View at Google Scholar · View at Scopus
  5. J. Nam, K. K. R. Choo, M. Kim, J. Paik, and D. Won, “Dictionary attacks against password-based authenticated three-party key exchange protocols,” KSII Transactions on Internet and Information Systems, vol. 7, no. 12, pp. 3244–3260, 2013. View at Google Scholar
  6. J. Nam, K. K. R. Choo, M. Park, J. Paik, and D. Won, “On the security of a simple three-party key exchange protocol without server's public keys,” The Scientific World Journal, vol. 2014, Article ID 479534, 7 pages, 2014. View at Publisher · View at Google Scholar
  7. M. Bellare and P. Rogaway, “Entity authentication and key distribution,” in Proceedings of the Advances in Cryptology (CRYPTO '93), vol. 773 of Lecture Notes in Computer Science, pp. 232–249, Springer, Berlin, Germany.
  8. M. Abdalla, P. Fouque, and D. Pointcheval, “Password-based authenticated key exchange in the three-party setting,” in Public Key Cryptography, vol. 3386 of Lecture Notes in Computer Science, pp. 65–84, Springer, Berlin, Germany, 2005. View at Google Scholar
  9. M. Abdalla, P. Fouque, and D. Pointcheval, “Password-based authenticated key exchange in the three-party setting,” IEE Proceedings—Information Security, vol. 153, no. 1, pp. 27–39, 2006. View at Google Scholar
  10. M. Abdalla and D. Pointcheval, “Interactive diffie-hellman assumptions with applications to password-based authentication,” in Proceedings of the 9th International Conference on Financial Cryptography and Data Security (FC '05), pp. 341–356, Springer, Berlin, Germany, March 2005. View at Scopus
  11. H. Wen, T. Lee, and T. Hwang, “Provably secure three-party password-based authenticated key exchange protocol using Weil pairing,” IEE Proceedings—Communications, vol. 152, no. 2, pp. 138–143, 2005. View at Google Scholar
  12. E. Dongna, Q. Cheng, and C. Ma, “Password authenticated key exchange based on RSA in the three-party settings,” in Provable Security, vol. 5848 of Lecture Notes in Computer Science, pp. 168–182, Springer, Berlin, Germany, 2009. View at Google Scholar
  13. T. Lee and T. Hwang, “Simple password-based three-party authenticated key exchange without server public keys,” Information Sciences, vol. 180, no. 9, pp. 1702–1714, 2010. View at Publisher · View at Google Scholar · View at Zentralblatt MATH · View at Scopus
  14. W. Wang, L. Hu, and Y. Li, “How to construct secure and efficient three-party password-based authenticated key exchange protocols,” in Information Security and Cryptology, vol. 6584 of Lecture Notes in Computer Science, pp. 218–235, Springer, Berlin, Germany, 2011. View at Google Scholar
  15. C. Lin and T. Hwang, “On “a simple three-party password-based key exchange protocol”,” International Journal of Communication Systems, vol. 24, no. 11, pp. 1520–1532, 2011. View at Publisher · View at Google Scholar · View at Scopus
  16. S. Wu, Q. Pu, S. Wang, and D. He, “Cryptanalysis of a communication-efficient three-party password authenticated key exchange protocol,” Information Sciences, vol. 215, pp. 83–96, 2012. View at Publisher · View at Google Scholar · View at MathSciNet · View at Scopus
  17. J. Nam, K. K. R. Choo, J. Kim, H. Kang, J. Paik, and D. Won, “Password-only authenticated three-party key exchange with provable security in the standard model,” The Scientific World Journal, vol. 2014, Article ID 825072, 11 pages, 2014. View at Publisher · View at Google Scholar
  18. J. Nam, Y. Lee, S. Kim, and D. Won, “Security weakness in a three-party pairing-based protocol for password authenticated key exchange,” Information Sciences, vol. 177, no. 6, pp. 1364–1375, 2007. View at Publisher · View at Google Scholar · View at MathSciNet · View at Scopus
  19. K. Yoneyama, “Efficient and strongly secure password-based server aided key exchange,” in Progress in Cryptology (INDOCRYPT '08), vol. 5365 of Lecture Notes in Computer Science, pp. 172–184, Springer, Berlin, Germany, 2008. View at Google Scholar
  20. J. Zhao and D. Gu, “Provably secure three-party password-based authenticated key exchange protocol,” Information Sciences, vol. 184, no. 1, pp. 310–323, 2012. View at Publisher · View at Google Scholar · View at MathSciNet · View at Scopus
  21. C. Lin, H. Sun, and T. Hwang, “Three-party encrypted key exchange: attacks and a solution,” ACM SIGOPS Operating Systems Review, vol. 34, no. 4, pp. 12–20, 2000. View at Google Scholar
  22. H. Chien and T. Wu, “Provably secure password-based three-party key exchange with optimal message steps,” The Computer Journal, vol. 52, no. 6, pp. 646–655, 2009. View at Publisher · View at Google Scholar · View at Scopus
  23. N. W. Lo and K. Yeh, “Cryptanalysis of two three-party encrypted key exchange protocols,” Computer Standards and Interfaces, vol. 31, no. 6, pp. 1167–1174, 2009. View at Publisher · View at Google Scholar · View at Scopus
  24. D. Lou and H. Huang, “Efficient three-party password-based key exchange scheme,” International Journal of Communication Systems, vol. 24, no. 4, pp. 504–512, 2011. View at Publisher · View at Google Scholar · View at Scopus
  25. J. Yang and T. Cao, “Provably secure three-party password authenticated key exchange protocol in the standard model,” Journal of Systems and Software, vol. 85, no. 2, pp. 340–350, 2012. View at Publisher · View at Google Scholar · View at Scopus
  26. S. Wu, K. Chen, Q. Pu, and Y. Zhu, “Cryptanalysis and enhancements of efficient three-party password-based key exchange scheme,” International Journal of Communication Systems, vol. 26, no. 5, pp. 674–686, 2013. View at Publisher · View at Google Scholar · View at Scopus
  27. H. Tsai and C. Chang, “Provably secure three party encrypted key exchange scheme with explicit authentication,” Information Sciences, vol. 238, pp. 242–249, 2013. View at Publisher · View at Google Scholar · View at MathSciNet · View at Scopus
  28. M. Bellare, D. Pointcheval, and P. Rogaway, “Authenticated key exchange secure against dictionary attacks,” in Advances in Cryptology—EUROCRYPT 2000, vol. 1807 of Lecture Notes in Computer Science, pp. 139–155, Springer, Berlin, Germany, 2000. View at Google Scholar
  29. J. Katz, R. Ostrovsky, and M. Yung, “Efficient password-authenticated key exchange using human-memorable passwords,” in Advances in Cryptology—EUROCRYPT 2001, vol. 2045 of Lecture Notes in Computer Science, pp. 475–494, Springer, Berlin, Germany, 2001. View at Publisher · View at Google Scholar · View at MathSciNet
  30. J. Katz, R. Ostrovsky, and M. Yung, “Efficient and secure authenticated key exchange using weak passwords,” Journal of the ACM, vol. 57, no. 1, article 3, 39 pages, 2010. View at Publisher · View at Google Scholar · View at MathSciNet · View at Scopus
  31. R. Gennaro and Y. Lindell, “A framework for password-based authenticated key exchange,” in Advances in Cryptology—EUROCRYPT 2003, vol. 2656 of Lecture Notes in Computer Science, pp. 524–543, Springer, Berlin, Germany, 2003. View at Google Scholar
  32. P. MacKenzie, “The PAK suite: protocols for password-authenticated key exchange,” Contributions to IEEE P1363.2, 2002. View at Google Scholar
  33. S. M. Bellovin and M. Merritt, “Encrypted key exchange: password-based protocols secure against dictionary attacks,” in Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy, pp. 72–84, Oakland, Calif, USA, May 1992. View at Publisher · View at Google Scholar · View at Scopus
  34. E. Bresson, O. Chevassut, and D. Pointcheval, “New security results on encrypted key exchange,” in Public Key Cryptography, vol. 2947 of Lecture Notes in Computer Science, pp. 145–158, Springer, Berlin, Germany, 2004. View at Google Scholar
  35. M. Bellare and P. Rogaway, “Provably secure session key distribution—the three party case,” in Proceedings of the ACM Symposium on Theory of Computing, pp. 57–66, 1995.
  36. M. Bellare, R. Canetti, and H. Krawczyk, “Keying hash functions for message authentication,” in Advances in Cryptology—CRYPTO '96, vol. 1109 of Lecture Notes in Computer Science, pp. 1–15, Springer, Berlin, Germany, 1996. View at Publisher · View at Google Scholar
  37. M. Abdalla and D. Pointcheval, “Simple password-based encrypted key exchange protocols,” in The Cryptographers' Track at the RSA Conference, vol. 3376 of Lecture Notes in Computer Science, pp. 191–208, Springer, Berlin, Germany, 2005. View at Google Scholar
  38. K. K. R. Choo, “A proof of revised Yahalom protocol in the Bellare and Rogaway (1993) model,” Computer Journal, vol. 50, no. 5, pp. 591–601, 2007. View at Publisher · View at Google Scholar · View at Scopus