Journal of Information Science and Engineering, Vol.19 No.6, pp.1059-1070 (November 2003)


Efficient Three-Party Authentication and Key Agreement
Protocols Resistant to Password Guessing Attacks

Her-Tyan Yeh, Hung-Min Sun* and Tzonelih Hwang**
Department of Information and Communication
Southern Taiwan University of Technology
Tainan, 710 Taiwan
E-mail: htyeh@mail.stut.edu.tw
*Department of Computer Science
National Tsing Hua University
Hsinchu, 300 Taiwan
E-mail: hmsun@cs.nthu.edu.tw
**Department of Computer Science and Information Engineering
National Cheng Kung University
Tainan, 701 Taiwan

Three-party EKE was proposed to establish a session key between two clients through a server. However, three-party EKE is insecure against undetectable on-line and off-line password guessing attacks. In this paper, we first propose an enhanced three-party EKE to withstand the security risk in three-party EKE. We also propose a verifier-based three-party EKE that is more secure than a plaintext-equivalent mechanism, in that a compromise of the server's database will not result in success in directly impersonating clients.

Keywords: network protocol, authentication, key agreement, password guessing attack, perfect forward secrecy

Received December 3, 2001; revised November 11, 2002; accepted February 24, 2003.
Communicated by Jia-Lin Wu.