An Enhanced and Secure Three-Party Password-based Authenticated Key Exchange Protocol without Using Server's Public-Keys and Symmetric Cryptosystems

M. S. Farash, M. A. Attari

Abstract


Password-based authenticated key exchange protocol is a type of authenticated key exchange protocols which enables two or more communication entities, who only share weak, low-entropy and easily memorable passwords, to authenticate each other and establish a high-entropy secret session key. In 2012, Tallapally proposed an enhanced three-party password-based authenticated key exchange protocol to overcome the weaknesses of Huang’s scheme. However, in this paper, we indicate that the Tallapally’s scheme not only is still vulnerable to undetectable online password guessing attack, but also is insecure against off-line password guessing attack. Therefore, we propose a more secure and efficient scheme to overcome the security flaws.

DOI: http://dx.doi.org/10.5755/j01.itc.43.2.3790


Keywords


Password-based key exchange protocol; Password guessing attack; Client-server authentication

Full Text: PDF

Print ISSN: 1392-124X 
Online ISSN: 2335-884X