Paper 2013/540

On the security of a password-only authenticated three-party key exchange protocol

Junghyun Nam, Kim-Kwang Raymond Choo, Juryon Paik, and Dongho Won

Abstract

This note reports major previously unpublished security vulnerabilities in the password-only authenticated three-party key exchange protocol due to Lee and Hwang (Information Sciences, 180, 1702-1714, 2010): (1) the Lee-Hwang protocol is susceptible to a man-in-the-middle attack and thus fails to achieve implicit key authentication; (2) the protocol cannot protect clients' passwords against an offline dictionary attack; and (3) the indistinguishability-based security of the protocol can be easily broken even in the presence of a passive adversary.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Keywords
Three-party key exchangeMan-in-the-middle (MITM) attackOffline dictionary attackSemantic security
Contact author(s)
jhnam @ kku ac kr
History
2013-08-30: received
Short URL
https://ia.cr/2013/540
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2013/540,
      author = {Junghyun Nam and Kim-Kwang Raymond Choo and Juryon Paik and Dongho Won},
      title = {On the security of a password-only authenticated three-party key exchange protocol},
      howpublished = {Cryptology {ePrint} Archive, Paper 2013/540},
      year = {2013},
      url = {https://eprint.iacr.org/2013/540}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.