Her-Tyan Yeh, Hung-Min Sun* and Tzonelih Hwang**
Department of Information and Communication
Southern Taiwan University of Technology
Tainan, 710 Taiwan
E-mail: htyeh@mail.stut.edu.tw
*Department of Computer Science
National Tsing Hua University
Hsinchu, 300 Taiwan
E-mail: hmsun@cs.nthu.edu.tw
**Department of Computer Science and Information Engineering
National Cheng Kung University
Tainan, 701 Taiwan
Three-party EKE was proposed to establish a session key between two clients through a server. However, three-party EKE is insecure against undetectable on-line and off-line password guessing attacks. In this paper, we first propose an enhanced three-party EKE to withstand the security risk in three-party EKE. We also propose a verifier-based three-party EKE that is more secure than a plaintext-equivalent mechanism in which a compromise of the server's database will not result in success in directly impersonating clients.
Keywords:
network protocol, authentication, key agreement, password guessing attack, perfect forward secrecy
Received December 3, 2001; revised November 11, 2002; accepted February 24, 2003.
Communicated by Jia-Lin Wu.