Journal
JOURNAL OF SUPERCOMPUTING
Volume 70, Issue 2, Pages 1002-1022Publisher
SPRINGER
DOI: 10.1007/s11227-014-1273-z
Keywords
Password-based authentication; Key exchange protocol; Off-line password guessing attack; Impersonation attack; Random oracle model
Ask authors/readers for more resources
Recently, Tso proposed a three-party password-based authenticated key exchange (3PAKE) protocol. This protocol allows two clients to authenticate each other and establish a secure session key through a server over an insecure channel. The main security goals of such protocols are authentication and privacy. However, we show that Tso's protocol achieves neither authentication goal nor privacy goal. In this paper, we indicate that the privacy and authentication goals of Tso's protocol will be broken by off-line password guessing attack and impersonation attack, respectively. To overcome the weaknesses, we propose an improved 3PAKE protocol to achieve more security and performance than related protocols. The security of the proposed improved protocol is proved in random oracle model.
Authors
I am an author on this paper
Click your name to claim this paper and add it to your profile.
Reviews
Recommended
No Data Available