Three weaknesses in a simple three-party key exchange protocol
|
 |
|
Post a Comment
|
|
|
|
|
CONTRIBUTORS:
|
|
|
JOURNAL:
|
Computers & Electrical Engineering,
??(??),
?? - ??.
|
|
|
|
YEAR:
|
forthcoming
|
|
PUB TYPE:
|
Journal Article
|
|
SUBJECT(S):
|
None
|
|
DISCIPLINE:
|
No discipline assigned
|
|
HTTP:
|
|
|
LANGUAGE:
|
None
|
|
PUB ID:
|
103-444-950
(Last edited on
2008/08/26 01:15:29 GMT-6)
|
|
SPONSOR(S):
|
|
|
ABSTRACT:
Recently, Lu and Cao proposed a simple three-party password-based key exchange (STPKE)
protocol based on the CCDH assumption. They claimed that their protocol is secure, efficient,
and practical. In this paper, unlike their claims, we find that the STPKE protocol is still
vulnerable to undetectable on-line password guessing attacks by using formal description,
BPR model. These weakness is due to the fact that the messages of the communicants are
not appropriately encrypted into the exchanged cryptographic messages. To enhance the
security of the STPKE protocol, we suggest a countermeasure to resist our described attacks
while the merits of the original protocol are left unchanged.
|
|
|
|
STATISTICS
|
|
Click on # to view
|
|
Citations
|
|
0
|
|
References
|
|
1
|
|
Comments
|
|
0
|
|
Quality
|
|
0/0.00
|
|
Interest
|
|
0/0.00
|
|
View(er)s
|
|
1/35
|
|
|
|
|
|
|
| Prev |
Next |
|