DOI QR코드

DOI QR Code

Cryptanalysis on a Three Party Key Exchange Protocol-STPKE'

  • Published : 2010.03.31

Abstract

In the secure communication areas, three-party authenticated key exchange protocol is an important cryptographic technique. In this protocol, two clients will share a human-memorable password with a trusted server, in which two users can generate a secure session key. On the other hand the protocol should resist all types of password guessing attacks. Recently, STPKE' protocol has been proposed by Kim and Choi. An undetectable online password guessing attack on STPKE' protocol is presented in the current study. An alternative protocol to overcome undetectable online password guessing attacks is proposed. The results show that the proposed protocol can resist undetectable online password guessing attacks. Additionally, it achieves the same security level with reduced random numbers and without XOR operations. The computational efficiency is improved by $\approx$ 30% for problems of size $\approx$ 2048 bits. The proposed protocol is achieving better performance efficiency and withstands password guessing attacks. The results show that the proposed protocol is secure, efficient and practical.

Keywords

References

  1. Chen TH, Lee WB. A new method for using hash functions to solve remote user authentication, Comput Electr Eng, v34 (1), pp.53-62, 2008. https://doi.org/10.1016/j.compeleceng.2007.01.001
  2. Yeh HT, Sun HM. Password authenticated key exchange protocols among diverse network domains, Comput Electr Eng, v31(3) pp.175-189, 2005. https://doi.org/10.1016/j.compeleceng.2005.03.001
  3. Ding Y, Horster P. Undetectable on-line password guessing attacks. ACM Operat Syst Rev v29 (4), pp.77-86, 1995. https://doi.org/10.1145/219282.219298
  4. Bellovin SM, Merritt M. Encrypted key exchange: password-based protocols secure against dictionary attacks. In: Proceedings of the 1992 IEEE symposium on research in security and privacy, pp.72- 84, 1992. https://doi.org/10.1109/RISP.1992.213269
  5. Lee TF, Hwang T, Lin CL. Enhanced three-party encrypted key exchange without server public keys. Comput Secur, v23 (7), pp.571-577, 2004. https://doi.org/10.1016/j.cose.2004.06.007
  6. Wen HA, Lee TF, Hwang T. Provably secure three-party password-based authenticated key exchange protocol using weil pairing. IEE Proc Commun, v152 (2), pp.138-143, 2005. https://doi.org/10.1049/ip-com:20045087
  7. Bellare M, Rogaway P. Random oracles are practical: a paradigm for designing efficient protocols. ACM annual conference on computer and communications security, pp.62-73, 1993. https://doi.org/10.1145/168588.168596
  8. Bellare M, Rogaway P. Entity authentication and key distribution. In: Proceedings of the Crypto 93, LNCS, v773, pp.232-249, 1993. https://doi.org/10.1007/3-540-48329-2_21
  9. Bellare M, Rogaway P. Provably secure session key distribution: the three party case. In: Proceedings of the 27th ACM symposium on the theory of computing; pp.57-66, 1995. https://doi.org/10.1145/225058.225084
  10. Bellare M, Pointcheval P, Rogaway P. Authenticated key exchange secure against dictionary attacks. In: Proceedings of the Eurocrypt''00, LNCS, v1807, pp.139-155, 2000. https://doi.org/10.1007/3-540-45539-6_11
  11. Nam J, Lee Y, Kim S, Won D. Security weakness in a three-party pairing-based protocol for password authenticated key exchange. Inform Sci, v177(6), pp.1364-1375, 2007. https://doi.org/10.1016/j.ins.2006.09.001
  12. Lu R, Cao Z. Simple three-party key exchange protocol. Comput Secur , v26(1), pp.94-97, 2007. https://doi.org/10.1016/j.cose.2006.08.005
  13. Kim, Choi. Enhanced Password-based simple three-party Key exchange protocol. Computers and Electrical Engineering , v35(1), pp.107-114, 2009. https://doi.org/10.1016/j.compeleceng.2008.05.007