Journal
COMPUTERS & SECURITY
Volume 27, Issue 1-2, Pages 16-21Publisher
ELSEVIER ADVANCED TECHNOLOGY
DOI: 10.1016/j.cose.2008.03.001
Keywords
password-authenticated key exchange; cryptanalysis; security; dictionary attack; man-in-the-middle attack
Categories
Ask authors/readers for more resources
Recently, Lu and Cao published a novel protocol for password-based authenticated key exchanges (PAKE) in a three-party setting in journal of Computers and Security, where two clients, each shares a human-memorable password with a trusted server, can construct a secure session key. They argued that their simple three-party PAKE (3-PAKE) protocol can resist against various known attacks. In this paper, we show that this protocol is vulnerable to a kind of man-in-the-middle attack that exploits an authentication flaw in their protocol and is subject to the undetectable on-line dictionary attack. We also conduct a detailed analysis on the flaws in the protocol and provide an improved protocol. (c) 2008 Elsevier Ltd. All rights reserved.
Authors
I am an author on this paper
Click your name to claim this paper and add it to your profile.
Reviews
Recommended
No Data Available