Cryptanalysis of simple three-party key exchange protocol

Guo, Hua; Li, Zhoujun; Mu, Yi; Zhang, Xiyong

doi:10.1016/j.cose.2008.03.001

Cited by 78 publications

(45 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…By security analysis, Huang claimed that the proposed HS-3PAKE protocol to be not only secure against various attacks, but also more efficient than the previously proposed 3PAKE protocols. However, this paper demonstrates that HS-3PAKE protocol is vulnerable to undetectable online password guessing attacks [9,10,15,16] and off-line password guessing attacks by any other user [11,14].…”

Section: Introductionmentioning

confidence: 94%

Cryptanalysis of a simple three‐party password‐based key exchange protocol

Yoon

Yoo

2011

Int J Communication

View full text Add to dashboard Cite

SUMMARYIn order to secure communications between two clients with a trusted server's help in public network environments, a three-party authenticated key exchange (3PAKE) protocol is used to provide the transaction confidentiality and the efficiency. In 2009, Huang proposed a simple three-party password-based authenticated key exchange (HS-3PAKE) protocol without any server's public key. By analysis, Huang claimed that the proposed HS-3PAKE protocol is not only secure against various attacks, but also more efficient than previously proposed 3PAKE protocols. However, this paper demonstrates that HS-3PAKE protocol is vulnerable to undetectable online password guessing attacks and off-line password guessing attacks by any other user.

show abstract

Section: Introductionmentioning

confidence: 94%

Cryptanalysis of a simple three‐party password‐based key exchange protocol

Yoon

Yoo

2011

Int J Communication

View full text Add to dashboard Cite

show abstract

“…We make no idealizing assumptions in our security proof. Similar to the protocols of [2,11,12,19,24], our protocol is generic in the sense that it can be constructed from any two-party PAKE protocol. If the underlying two-party protocol is round-optimal [45][46][47], then our three-party protocol runs in only two communication rounds.…”

Section: Protocolmentioning

confidence: 99%

“…Many of these protocols have never been proven secure in any model [3,13,[17][18][19][20][21] and/or have been found to be vulnerable to some attack(s) [2,3,5,6,8,[18][19][20]23,[26][27][28][29][30][31][32]. Some protocols [2,11,12,15,23,24] have been proven secure only in a restricted model, in which the adversary is not allowed to corrupt protocol participants, and thus, no attacks by malicious clients can be captured.…”

Section: Introductionmentioning

confidence: 99%

“…A number of three-party PAKE protocols have been proposed over the last decade [2,3,5,6,[11][12][13][14][15][16][17][18][19][20][21][22][23][24][25]. Many of these protocols have never been proven secure in any model [3,13,[17][18][19][20][21] and/or have been found to be vulnerable to some attack(s) [2,3,5,6,8,[18][19][20]23,[26][27][28][29][30][31][32].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Two-Round Password-Only Authenticated Key Exchange in the Three-Party Setting

et al. 2015

View full text Add to dashboard Cite

We present the first provably-secure three-party password-only authenticated key exchange (PAKE) protocol that can run in only two communication rounds. Our protocol is generic in the sense that it can be constructed from any two-party PAKE protocol. The protocol is proven secure in a variant of the widely-accepted model of Bellare, Pointcheval and Rogaway (2000) without any idealized assumptions on the cryptographic primitives used. We also investigate the security of the two-round, three-party PAKE protocol of Wang, Hu and Li (2010) and demonstrate that this protocol cannot achieve implicit key authentication in the presence of an active adversary.

show abstract

“…It helps in maintaining a secure link by using a common session key for specific communication. Schemes [5][6][7] discuss secure session key establishment between participants but later [8][9][10] identified that these plans are vulnerable to man-in-the-middle attack and undetectable online and offline dictionary attacks for guessing passwords. ECC-based schemes are also explored to evaluate the applicability of efficient solutions with desired security strengths using small key sizes as compared to preliminaries.…”

Section: Introductionmentioning

confidence: 99%

Secure Authentication and Prescription Safety Protocol for Telecare Health Services Using Ubiquitous IoT

et al. 2017

View full text Add to dashboard Cite

Internet-of-Things (IoT) include a large number of devices that can communicate across different networks. Cyber-Physical Systems (CPS) also includes a number of devices connected to the internet where wearable devices are also included. Both systems enable researchers to develop healthcare systems with additional intelligence as well as prediction capabilities both for lifestyle and in hospitals. It offers as much persistence as a platform to ubiquitous healthcare by using wearable sensors to transfer the information over servers, smartphones, and other smart devices in the Telecare Medical Information System (TMIS). Security is a challenging issue in TMIS, and resourceful access to health care services requires user verification and confidentiality. Existing schemes lack in ensuring reliable prescription safety along with authentication. This research presents a Secure Authentication and Prescription Safety (SAPS) protocol to ensure secure communication between the patient, doctor/nurse, and the trusted server. The proposed procedure relies upon the efficient elliptic curve cryptosystem which can generate a symmetric secure key to ensure secure data exchange between patients and physicians after successful authentication of participants individually. A trusted server is involved for mutual authentication between parties and then generates a common key after completing the validation process. Moreover, the scheme is verified by doing formal modeling using Rubin Logic and validated using simulations in NS-2.35. We have analyzed the SAPS against security attacks, and then performance analysis is elucidated. Results prove the dominance of SAPS over preliminaries regarding mutual authentication, message integrity, freshness, and session key management and attack prevention.

show abstract

Cryptanalysis of simple three-party key exchange protocol

Cited by 78 publications

References 14 publications

Cryptanalysis of a simple three‐party password‐based key exchange protocol

Cryptanalysis of a simple three‐party password‐based key exchange protocol

Two-Round Password-Only Authenticated Key Exchange in the Three-Party Setting

Secure Authentication and Prescription Safety Protocol for Telecare Health Services Using Ubiquitous IoT

Contact Info

Product

Resources

About