Table of Contents Author Guidelines Submit a Manuscript
The Scientific World Journal
Volume 2014, Article ID 825072, 11 pages
http://dx.doi.org/10.1155/2014/825072
Research Article

Password-Only Authenticated Three-Party Key Exchange with Provable Security in the Standard Model

1Department of Computer Engineering, Konkuk University, 268 Chungwondaero, Chungju, Chungcheongbukdo 380-701, Republic of Korea
2Information Assurance Research Group, Advanced Computing Research Centre, University of South Australia, Mawson Lakes, SA 5095, Australia
3Department of Computer Engineering, Sungkyunkwan University, 2066 Seoburo, Suwon, Gyeonggido 440-746, Republic of Korea

Received 23 January 2014; Accepted 27 February 2014; Published 14 April 2014

Academic Editors: T. Cao, M. Ivanovic, and F. Yu

Copyright © 2014 Junghyun Nam et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Linked References

  1. S. M. Bellovin and M. Merritt, “Encrypted key exchange: password-based protocols secure against dictionary attacks,” in Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy, pp. 72–84, Oakland, Calif, USA, May 1992. View at Scopus
  2. C. Herley and P. van Oorschot, “A research agenda acknowledging the persistence of passwords,” IEEE Security & Privacy, vol. 10, no. 1, pp. 28–36, 2012. View at Publisher · View at Google Scholar · View at Scopus
  3. J. Katz and V. Vaikuntanathan, “Round-optimal password-based authenticated key exchange,” Journal of Cryptology, vol. 26, no. 4, pp. 714–743, 2013. View at Publisher · View at Google Scholar
  4. W. Wang and L. Hu, “Efficient and provably secure generic construction of three-party password-based authenticated key exchange protocols,” in Progress in Cryptology—INDOCRYPT 2006, vol. 4329 of Lecture Notes in Computer Science, pp. 118–132, Springer, Berlin, Germany, 2006. View at Publisher · View at Google Scholar
  5. H. Guo, Z. Li, Y. Mu, and X. Zhang, “Cryptanalysis of simple three-party key exchange protocol,” Computers & Security, vol. 27, no. 1-2, pp. 16–21, 2008. View at Publisher · View at Google Scholar · View at Scopus
  6. J. Nam, J. Paik, H.-K. Kang, U. M. Kim, and D. Won, “An off-line dictionary attack on a simple three-party key exchange protocol,” IEEE Communications Letters, vol. 13, no. 3, pp. 205–207, 2009. View at Publisher · View at Google Scholar · View at Scopus
  7. C.-Y. Lin and T. Hwang, “On ‘a simple three-party password-based key exchange protocol’,” International Journal of Communication Systems, vol. 24, no. 11, pp. 1520–1532, 2011. View at Publisher · View at Google Scholar · View at Scopus
  8. S. Wu, Q. Pu, S. Wang, and D. He, “Cryptanalysis of a communication-efficient three-party password authenticated key exchange protocol,” Information Sciences, vol. 215, pp. 83–96, 2012. View at Publisher · View at Google Scholar
  9. J. Nam, K.-K. R. Choo, J. Paik, and D. Won, “An offline dictionary attack against a three-party key exchange protocol,” Tech. Rep. 2013/666, Cryptology ePrint Archive, 2013. View at Google Scholar
  10. J. Nam, K.-K. R. Choo, M. Kim, J. Paik, and D. Won, “Dictionary attacks against passwordbased authenticated three-party key exchange protocols,” KSII Transactions on Internet and Information Systems, vol. 7, no. 12, pp. 3244–3260, 2013. View at Google Scholar
  11. K. K. R. Choo, C. Boyd, and Y. Hitchcock, “Errors in computational complexity proofs for protocols,” in Advances in Cryptology—ASIACRYPT 2005, vol. 3788 of Lecture Notes in Computer Science, pp. 624–643, Springer, Berlin, Germany, 2005. View at Publisher · View at Google Scholar
  12. K.-K. R. Choo, C. Boyd, and Y. Hitchcock, “Examining indistinguishability-based proof models for key establishment protocols,” in Advances in Cryptology—ASIACRYPT 2005, vol. 3788 of Lecture Notes in Computer Science, pp. 585–604, Springer, Berlin, Germany, 2005. View at Publisher · View at Google Scholar
  13. K.-K. R. Choo, C. Boyd, and Y. Hitchcock, “The importance of proofs of security for key establishment protocols: formal analysis of Jan-Chen, Yang-Shen-Shieh, Kim-Huh-Hwang-Lee, Lin-Sun-Hwang, and Yeh-Sun protocols,” Computer Communications, vol. 29, no. 15, pp. 2788–2797, 2006. View at Publisher · View at Google Scholar · View at Scopus
  14. M. Bellare, D. Pointcheval, and P. Rogaway, “Authenticated key exchange secure against dictionary attacks,” in Advances in Cryptology—EUROCRYPT 2000, vol. 1807 of Lecture Notes in Computer Science, pp. 139–155, Springer, Berlin, Germany, 2000. View at Publisher · View at Google Scholar
  15. R. Canetti and H. Krawczyk, “Analysis of key-exchange protocols and their use for building secure channels,” in Advances in Cryptology—EUROCRYPT 2001, vol. 2045 of Lecture Notes in Computer Science, pp. 453–474, 2001. View at Publisher · View at Google Scholar
  16. B. LaMacchia, K. Lauter, and A. Mityagin, “Stronger security of authenticated key exchange,” in Provable Security, vol. 4784 of Lecture Notes in Computer Science, pp. 1–16, Springer, Berlin, Germany, 2007. View at Publisher · View at Google Scholar
  17. C.-L. Lin, H.-M. Sun, M. Steiner, and T. Hwang, “Three-party encrypted key exchange without server public-keys,” IEEE Communications Letters, vol. 5, no. 12, pp. 497–499, 2001. View at Publisher · View at Google Scholar · View at Scopus
  18. T.-F. Lee, T. Hwang, and C.-L. Lin, “Enhanced three-party encrypted key exchange without server public keys,” Computers & Security, vol. 23, no. 7, pp. 571–577, 2004. View at Publisher · View at Google Scholar · View at Scopus
  19. M. Abdalla and D. Pointcheval, “Interactive Diffie-Hellman assumptions with applications to password-based authentication,” in Financial Cryptography and Data Security, vol. 3570 of Lecture Notes in Computer Science, pp. 341–356, Springer, Berlin, Germany, 2005. View at Publisher · View at Google Scholar
  20. H.-A. Wen, T.-F. Lee, and T. Hwang, “Provably secure three-party password-based authenticated key exchange protocol using Weil pairing,” IEE Proceedings-Communications, vol. 152, no. 2, pp. 138–143, 2005. View at Publisher · View at Google Scholar
  21. M. Abdalla, P. Fouque, and D. Pointcheval, “Password-based authenticated key exchange in the three-party setting,” IEE Proceedings Information Security, vol. 153, no. 1, pp. 27–39, 2006. View at Google Scholar
  22. R. Lu and Z. Cao, “Simple three-party key exchange protocol,” Computers & Security, vol. 26, no. 1, pp. 94–97, 2007. View at Publisher · View at Google Scholar · View at Scopus
  23. H.-R. Chung and W.-C. Ku, “Three weaknesses in a simple three-party key exchange protocol,” Information Sciences, vol. 178, no. 1, pp. 220–229, 2008. View at Publisher · View at Google Scholar · View at Scopus
  24. H.-S. Kim and J.-Y. Choi, “Enhanced password-based simple three-party key exchange protocol,” Computers and Electrical Engineering, vol. 35, no. 1, pp. 107–114, 2009. View at Publisher · View at Google Scholar · View at Scopus
  25. H.-F. Huang, “A simple three-party password-based key exchange protocol,” International Journal of Communication Systems, vol. 22, no. 7, pp. 857–862, 2009. View at Publisher · View at Google Scholar · View at Scopus
  26. E. Dongna, Q. Cheng, and C. Ma, “Password authenticated key exchange based on RSA in the three-party settings,” in Provable Security, vol. 5848 of Lecture Notes in Computer Science, pp. 168–182, Springer, Berlin, Germany, 2009. View at Publisher · View at Google Scholar
  27. T.-F. Lee and T. Hwang, “Simple password-based three-party authenticated key exchange without server public keys,” Information Sciences, vol. 180, no. 9, pp. 1702–1714, 2010. View at Publisher · View at Google Scholar · View at Scopus
  28. W. Wang, L. Hu, and Y. Li, “How to construct secure and efficient three-party password-based authenticated key exchange protocols,” in Information Security and Cryptology, vol. 6584 of Lecture Notes in Computer Science, pp. 218–235, Springer, Berlin, Germany, 2010. View at Publisher · View at Google Scholar
  29. T.-Y. Chang, M.-S. Hwang, and W.-P. Yang, “A communication-efficient three-party password authenticated key exchange protocol,” Information Sciences, vol. 181, no. 1, pp. 217–226, 2011. View at Publisher · View at Google Scholar · View at Scopus
  30. J. Nam, Y. Lee, S. Kim, and D. Won, “Security weakness in a three-party pairing-based protocol for password authenticated key exchange,” Information Sciences, vol. 177, no. 6, pp. 1364–1375, 2007. View at Publisher · View at Google Scholar · View at Scopus
  31. R. C.-W. Phan, W.-C. Yau, and B.-M. Goi, “Cryptanalysis of simple three-party key exchange protocol (S-3PAKE),” Information Sciences, vol. 178, no. 13, pp. 2849–2856, 2008. View at Publisher · View at Google Scholar · View at Scopus
  32. E.-J. Yoon and K.-Y. Yoo, “Cryptanalysis of a simple three-party password-based key exchange protocol,” International Journal of Communication Systems, vol. 24, no. 4, pp. 532–542, 2011. View at Publisher · View at Google Scholar · View at Scopus
  33. H. Liang, J. Hu, and S. Wu, “Re-attack on a three-party password-based authenticated key exchange protocol,” Mathematical and Computer Modelling, vol. 57, no. 5-6, pp. 1175–1183, 2013. View at Google Scholar
  34. H.-T. Tsai and C.-C. Chang, “Provably secure three party encrypted key exchange scheme with explicit authentication,” Information Sciences, vol. 238, pp. 242–249, 2013. View at Publisher · View at Google Scholar
  35. J. Nam, K.-K. R. Choo, J. Paik, and D. Won, “On the security of a password-only authenticated three-party key exchange protocol,” Tech. Rep. 2013/540, Cryptology ePrint Archive, 2013. View at Google Scholar
  36. J. Nam, K.-K. R. Choo, J. Paik, and D. Won, “Two-round password-only authenticated key exchange in the three-party setting,” Cryptology ePrint Archive 2014/017, 2014. View at Google Scholar
  37. J.-H. Yang and T.-J. Cao, “Provably secure three-party password authenticated key exchange protocol in the standard model,” Journal of Systems and Software, vol. 85, no. 2, pp. 340–350, 2012. View at Publisher · View at Google Scholar · View at Scopus
  38. K. Yoneyama, “Efficient and strongly secure password-based server aided key exchange,” in Progress in Cryptology—INDOCRYPT 2008, vol. 5365 of Lecture Notes in Computer Science, pp. 172–184, Springer, Berlin, Germany, 2008. View at Publisher · View at Google Scholar
  39. H.-Y. Chien and T.-C. Wu, “Provably secure password-based three-party key exchange with optimal message steps,” The Computer Journal, vol. 52, no. 6, pp. 646–655, 2009. View at Publisher · View at Google Scholar · View at Scopus
  40. N. W. Lo and K.-H. Yeh, “Cryptanalysis of two three-party encrypted key exchange protocols,” Computer Standards & Interfaces, vol. 31, no. 6, pp. 1167–1174, 2009. View at Publisher · View at Google Scholar · View at Scopus
  41. D.-C. Lou and H.-F. Huang, “Efficient three-party password-based key exchange scheme,” International Journal of Communication Systems, vol. 24, no. 4, pp. 504–512, 2011. View at Publisher · View at Google Scholar · View at Scopus
  42. C. Lee, S. Chen, and C. Chen, “A computation-efficient three-party encrypted key exchange protocol,” Applied Mathematics & Information Sciences, vol. 6, no. 3, pp. 573–579, 2012. View at Google Scholar
  43. J. Zhao and D. Gu, “Provably secure three-party password-based authenticated key exchange protocol,” Information Sciences, vol. 184, no. 1, pp. 310–323, 2012. View at Publisher · View at Google Scholar · View at Scopus
  44. S. Wu, K. Chen, Q. Pu, and Y. Zhu, “Cryptanalysis and enhancements of efficient three-party password-based key exchange scheme,” International Journal of Communication Systems, vol. 26, no. 5, pp. 674–686, 2013. View at Publisher · View at Google Scholar · View at Scopus
  45. K.-K. R. Choo, “A proof of revised Yahalom protocol in the Bellare and Rogaway (1993) model,” The Computer Journal, vol. 50, no. 5, pp. 591–601, 2007. View at Publisher · View at Google Scholar · View at Scopus
  46. W. Diffie, P. C. van Oorschot, and M. J. Wiener, “Authentication and authenticated key exchanges,” Designs, Codes and Cryptography, vol. 2, no. 2, pp. 107–125, 1992. View at Publisher · View at Google Scholar · View at Scopus
  47. C. Boyd and A. Mathuria, Protocols for Authentication and Key Establishment, Springer, Berlin, Germany, 2003.
  48. B. S. Kaliski, “An unknown key-share attack on the MQV key agreement protocol,” ACM Transactions on Information and System Security, vol. 4, no. 3, pp. 275–288, 2001. View at Google Scholar
  49. J. Katz, R. Ostrovsky, and M. Yung, “Efficient and secure authenticated key exchange using weak passwords,” Journal of the ACM, vol. 57, no. 1, article 3, 2009. View at Publisher · View at Google Scholar · View at Scopus