Abstract

The key exchange protocol using passwords achieved great attention due to its simplicity and efficiency. Recently, Chang proposed a practical three-party key exchange (C-3 PEKE) protocol with round efficiency. Later, Lee and Chang presented an off-line password guessing attack on C-3 PEKE protocol. In the present paper, an impersonation-of-the initiator attack and impersonation-of-the responder attack are demonstrated on C-3 PEKE protocol using the off-line password guessing attack proposed by Lee and Chang.

References

• Abdalla, M., Chevassut, O., and Pointcheval, D. One-time verifier-based encrypted key exchange, Proc. of PKC ’05, LNCS 3386, Springer-Verlag, pp. 47–64, 2005.
• Abdalla, M., and Pointcheval, D. Simple Password-Based Encrypted Key Exchange Protocols, Proc. of Topics in Cryptology - CT-RSA, LNCS 3376, Springer-Verlag, pp. 191-208, 2005.
• Abdalla, M., and Pointcheval, D. Interactive Diffie-Hellman Assumptions with Applications to Password-based Authentication, Proceedings of the 9th International Conference on Financial Cryptography (FC’2005), Roseau, Dominica, Berlin, Germany: Springer-Verlag, pp.341-356, 2005.
• Abdalla, M., Fouque, P, A., Pointcheval, D. Password-based authenticated key exchange in the three-party setting, Proceedings of the 8th International Workshop on Theory and Practice in Public Key Cryptography (PKC’2005). Berlin, Germany: Springer-Verlag, 2005:65-84. Full version appeared in IEE Information Security, v 153(1), pp. 27–39, March 2006.
• Bellovin, S M., and Merritt, M. Encrypted key exchange: Password-based protocols secure against dictionary attacks, Proc. 1992 IEEE Symposium on Security and Privacy, pp. 72-84, May 1992.
• Bellare, M., Pointcheval, D., and Rogaway, P. Authenticated key exchange secure against dictionary attacks, Proceedings of the 2000 Advances in Cryptology (EUROCRYPT’2000). Berlin, Germany: Springer-Verlag, pp. 139-155, 2000.
• Bresson, E., Chevassut, O., and Pointcheval, D. New security results on encrypted key exchange, Proc. PKC 2004, LNCS 2947, Springer-Verlag, pp. 145-158. Mar. 2004.
• Chang, Y, F. A practical Three-party key exchange protocol with Round Efficiency, International Journal of Innovative Computing, Information and control, v 4(4), pp. 953-960, April 2008.
• Ding. Y, Horster, P. Undetectable on-line password guessing attacks, ACM Operat Syst Rev 29(4), pp.77– 86, 1995.
• Diffie, W., and Hellman, M. New Directions in cryptography , IEEE Transactions on Information theory, v 22 (6) , pp. 644-654, 1976.
• Kim and Choi. Enhanced Password-based simple three-party Key exchange protocol, Computers and Electrical Engineering, v 35(1), pp107-114, 2009.
• K, Kobara., and H, Imai. Pretty-simple password-authenticated key exchange under standard assumptions, IEICE Transactions, E85-A (10):pp.2229-2237, Oct. 2002. Also available at http://eprint.iacr.org/2003/038/.
• Lee., and Chang, On security of a three party key exchange protocol with round efficiency, Information technology and control, kaunas, technologija, v 37(4), pp.333-335, 2008.
• Lee, T, F., Hwang, T., and Lin, C, L. Enhanced three-party encrypted key exchange without server’s public keys, Computers and Security, 23(7): pp.571-577, 2004.
• Lee, S, W., Kim, H, S., and Yoo, K, Y. Efficient verifier-based key agreement for three parties without server’s public key, Applied Mathematics and Computation, 167(2), pp. 996-1003, 2005.
• Lin, C, L., Sun, H, M., Steiner, M., and Hwang T. Three-party encrypted key exchange without server’s public keys, IEEE Communications Letters, v5(12), pp. 497-499, 2001.
• Lin, C, L., Sun, H, M and Hwang T. Three-party encrypted key exchange attacks and a solution, ACM Operating Systems Review, 34(4), pp.12-20, 2000.
• Lu, R., and Cao, Z. Simple three-party key exchange protocol, Computers and Security, v 26(1), pp.94-97, 2007.
• Steiner, M., Tsudik, G., and Waidner, M. Refinement and extention of encrypted key exchange, ACM Operating Systems Review, v 29(3), pp 22-30, 1995.