Cryptology ePrint Archive: Report 2008/065

Infringing and Improving Password Security of a Three-Party Key Exchange Protocol

Junghyun Nam

Abstract: Key exchange protocols allow two or more parties communicating over a public network to establish a common secret key called a session key. Due to their significance in building a secure communication channel, a number of key exchange protocols have been suggested over the years for a variety of settings. Among these is the so-called S-3PAKE protocol proposed by Lu and Cao for password-authenticated key exchange in the three-party setting. In the current work, we are concerned with the password security of the S-3PAKE protocol. We first show that S-3PAKE is vulnerable to an off-line dictionary attack in which an attacker exhaustively enumerates all possible passwords in an attempt to determine the correct one. We then figure out how to eliminate the security vulnerability of S-3PAKE.

Category / Keywords: cryptographic protocols / Key exchange protocol, secure communication, password, off-line dictionary attack

Date: received 5 Feb 2008

Contact author: jhnam at kku ac kr

Available formats: Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Version: 20080211:110541 (All versions of this report)

Discussion forum: Show discussion | Start new discussion