Paper 2008/065

Infringing and Improving Password Security of a Three-Party Key Exchange Protocol

Junghyun Nam

Abstract

Key exchange protocols allow two or more parties communicating over a public network to establish a common secret key called a session key. Due to their significance in building a secure communication channel, a number of key exchange protocols have been suggested over the years for a variety of settings. Among these is the so-called S-3PAKE protocol proposed by Lu and Cao for password-authenticated key exchange in the three-party setting. In the current work, we are concerned with the password security of the S-3PAKE protocol. We first show that S-3PAKE is vulnerable to an off-line dictionary attack in which an attacker exhaustively enumerates all possible passwords in an attempt to determine the correct one. We then figure out how to eliminate the security vulnerability of S-3PAKE.

Metadata
Available format(s)
PDF PS
Category
Cryptographic protocols
Publication info
Published elsewhere. Unknown where it was published
Keywords
Key exchange protocolsecure communicationpasswordoff-line dictionary attack
Contact author(s)
jhnam @ kku ac kr
History
2008-02-11: received
Short URL
https://ia.cr/2008/065
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2008/065,
      author = {Junghyun Nam},
      title = {Infringing and Improving Password Security of a Three-Party Key Exchange Protocol},
      howpublished = {Cryptology {ePrint} Archive, Paper 2008/065},
      year = {2008},
      url = {https://eprint.iacr.org/2008/065}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.