Security Analysis and Improvements of a Three-Party Password-Based Key Exchange Protocol

Authors

  • H. Tu Wuhan University
  • H. Shen Wuhan University
  • D. He Wuhan University
  • J. Chen Wuhan University

DOI:

https://doi.org/10.5755/j01.itc.43.1.5322

Keywords:

Key exchange protocol, Three-party, Password guessing attack, Key compromise impersonation attack, Denning-Sacco attack

Abstract

Recently Xie et al. [Q. Xie, N. Dong, X. Tan. D. Wong, G. Wang. Improvement of a three-party password-based key exchange protocol with formal verification. Information Technology and Control, 2013, Vol. 42, No. 3, 231-237] proposed an efficient three-party password-based key exchange protocol and used a formal verification tool to verify its security. In this paper, we demonstrate that their protocol is vulnerable to the off-line password guessing attack and the key compromise impersonation attack. The analysis shows that their protocol is not secure for practical applications. To overcome weaknesses in Xie et al.’s protocol, we also propose an improved 3PAKE protocol. Analysis shows that our protocol not only overcomes those weaknesses, but also has better performance. Therefore, our protocol is more suitable for practical applications.

DOI: http://dx.doi.org/10.5755/j01.itc.43.1.5322

Downloads

Published

2014-03-07

Issue

Section

Regular Papers