Cargando…
On the Security of a Simple Three-Party Key Exchange Protocol without Server's Public Keys
Authenticated key exchange protocols are of fundamental importance in securing communications and are now extensively deployed for use in various real-world network applications. In this work, we reveal major previously unpublished security vulnerabilities in the password-based authenticated three-p...
| Autores principales: | , , , , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
Hindawi Publishing Corporation
2014
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4165805/ https://www.ncbi.nlm.nih.gov/pubmed/25258723 http://dx.doi.org/10.1155/2014/479534 |
| _version_ | 1782335147492769792 |
|---|---|
| author | Nam, Junghyun Choo, Kim-Kwang Raymond Park, Minkyu Paik, Juryon Won, Dongho |
| author_facet | Nam, Junghyun Choo, Kim-Kwang Raymond Park, Minkyu Paik, Juryon Won, Dongho |
| author_sort | Nam, Junghyun |
| collection | PubMed |
| description | Authenticated key exchange protocols are of fundamental importance in securing communications and are now extensively deployed for use in various real-world network applications. In this work, we reveal major previously unpublished security vulnerabilities in the password-based authenticated three-party key exchange protocol according to Lee and Hwang (2010): (1) the Lee-Hwang protocol is susceptible to a man-in-the-middle attack and thus fails to achieve implicit key authentication; (2) the protocol cannot protect clients' passwords against an offline dictionary attack; and (3) the indistinguishability-based security of the protocol can be easily broken even in the presence of a passive adversary. We also propose an improved password-based authenticated three-party key exchange protocol that addresses the security vulnerabilities identified in the Lee-Hwang protocol. |
| format | Online Article Text |
| id | pubmed-4165805 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2014 |
| publisher | Hindawi Publishing Corporation |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-41658052014-09-25 On the Security of a Simple Three-Party Key Exchange Protocol without Server's Public Keys Nam, Junghyun Choo, Kim-Kwang Raymond Park, Minkyu Paik, Juryon Won, Dongho ScientificWorldJournal Research Article Authenticated key exchange protocols are of fundamental importance in securing communications and are now extensively deployed for use in various real-world network applications. In this work, we reveal major previously unpublished security vulnerabilities in the password-based authenticated three-party key exchange protocol according to Lee and Hwang (2010): (1) the Lee-Hwang protocol is susceptible to a man-in-the-middle attack and thus fails to achieve implicit key authentication; (2) the protocol cannot protect clients' passwords against an offline dictionary attack; and (3) the indistinguishability-based security of the protocol can be easily broken even in the presence of a passive adversary. We also propose an improved password-based authenticated three-party key exchange protocol that addresses the security vulnerabilities identified in the Lee-Hwang protocol. Hindawi Publishing Corporation 2014 2014-09-01 /pmc/articles/PMC4165805/ /pubmed/25258723 http://dx.doi.org/10.1155/2014/479534 Text en Copyright © 2014 Junghyun Nam et al. https://creativecommons.org/licenses/by/3.0/ This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. |
| spellingShingle | Research Article Nam, Junghyun Choo, Kim-Kwang Raymond Park, Minkyu Paik, Juryon Won, Dongho On the Security of a Simple Three-Party Key Exchange Protocol without Server's Public Keys |
| title | On the Security of a Simple Three-Party Key Exchange Protocol without Server's Public Keys |
| title_full | On the Security of a Simple Three-Party Key Exchange Protocol without Server's Public Keys |
| title_fullStr | On the Security of a Simple Three-Party Key Exchange Protocol without Server's Public Keys |
| title_full_unstemmed | On the Security of a Simple Three-Party Key Exchange Protocol without Server's Public Keys |
| title_short | On the Security of a Simple Three-Party Key Exchange Protocol without Server's Public Keys |
| title_sort | on the security of a simple three-party key exchange protocol without server's public keys |
| topic | Research Article |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4165805/ https://www.ncbi.nlm.nih.gov/pubmed/25258723 http://dx.doi.org/10.1155/2014/479534 |
| work_keys_str_mv | AT namjunghyun onthesecurityofasimplethreepartykeyexchangeprotocolwithoutserverspublickeys AT chookimkwangraymond onthesecurityofasimplethreepartykeyexchangeprotocolwithoutserverspublickeys AT parkminkyu onthesecurityofasimplethreepartykeyexchangeprotocolwithoutserverspublickeys AT paikjuryon onthesecurityofasimplethreepartykeyexchangeprotocolwithoutserverspublickeys AT wondongho onthesecurityofasimplethreepartykeyexchangeprotocolwithoutserverspublickeys |