Previous [ 1] [ 2] [ 3] [ 4] [ 5] [ 6] [ 7] [ 8] [ 9] [ 10] [ 11] [ 12] [ 13] [ 14] [ 15] [ 16] [ 17] [ 18] [ 19] [ 20] [ 21] [ 22] [ 23] [ 24]

@

Journal of Information Science and Engineering, Vol. 27 No. 3, pp. 1059-1072 (May 2011)

Security Analysis and Enhancements of Verifier-Based Password-Authenticated Key Exchange Protocols in the Three-Party Setting

SHUHUA WU
Department of Networks Engineering
Zhengzhou Information Science Technology Institute
He'nan, 450002 P.R. China
E-mail: wushuhua726@sina.com.cn

This paper investigates verifier-based password authenticated key exchange (PAKE) protocols in the three party setting. We first show that the protocol recently proposed by Li et al. is vulnerable to off-line dictionary attack and unknown key-share attack. Moreover, we also show that the direct elliptic curve (EC) analog of the DL based protocol proposed by Kwon et al. cant resist the off-line password guessing attack. Thereafter we present an enhanced protocol that can be securely implemented over elliptic curves. And yet, our proposal is simple and efficient. Therefore, the protocol is quite popular in low resource environments. Finally, as a result of our work, we also hope to have contributed towards a better understanding that it is important to study the precise adaptation of DLbased password authenticated protocols since direct EC analogs of DL based protocols may be susceptible to some new attacks.

Keywords: cryptanalysis, three-party, verifier-based, password authenticated key exchange, elliptic curve

Full Text () Retrieve PDF document (201105_16.pdf)

Received August 26, 2009; revised October 19, 2009; accepted November 5, 2009.
Communicated by Chin-Laung Lei.