An Enhanced and Secure Three-Party Password-based Authenticated Key Exchange Protocol without Using Server's Public-Keys and Symmetric Cryptosystems

Authors

  • M. S. Farash Department of Mathematics and Computer Sciences, Kharazmi University
  • M. A. Attari K.N. Toosi University of Technology

DOI:

https://doi.org/10.5755/j01.itc.43.2.3790

Keywords:

Password-based key exchange protocol, Password guessing attack, Client-server authentication

Abstract

Password-based authenticated key exchange protocol is a type of authenticated key exchange protocols which enables two or more communication entities, who only share weak, low-entropy and easily memorable passwords, to authenticate each other and establish a high-entropy secret session key. In 2012, Tallapally proposed an enhanced three-party password-based authenticated key exchange protocol to overcome the weaknesses of Huang’s scheme. However, in this paper, we indicate that the Tallapally’s scheme not only is still vulnerable to undetectable online password guessing attack, but also is insecure against off-line password guessing attack. Therefore, we propose a more secure and efficient scheme to overcome the security flaws.

DOI: http://dx.doi.org/10.5755/j01.itc.43.2.3790

Downloads

Published

2014-06-19

Issue

Section

Articles