The Scientific World Journal (Jan 2014)

On the Security of a Simple Three-Party Key Exchange Protocol without Server’s Public Keys

  • Junghyun Nam,
  • Kim-Kwang Raymond Choo,
  • Minkyu Park,
  • Juryon Paik,
  • Dongho Won

DOI
https://doi.org/10.1155/2014/479534
Journal volume & issue
Vol. 2014

Abstract

Read online

Authenticated key exchange protocols are of fundamental importance in securing communications and are now extensively deployed for use in various real-world network applications. In this work, we reveal major previously unpublished security vulnerabilities in the password-based authenticated three-party key exchange protocol according to Lee and Hwang (2010): (1) the Lee-Hwang protocol is susceptible to a man-in-the-middle attack and thus fails to achieve implicit key authentication; (2) the protocol cannot protect clients’ passwords against an offline dictionary attack; and (3) the indistinguishability-based security of the protocol can be easily broken even in the presence of a passive adversary. We also propose an improved password-based authenticated three-party key exchange protocol that addresses the security vulnerabilities identified in the Lee-Hwang protocol.