Abstract

AbstractIn order to secure communications between two clients with a trusted server's help in public network environments, a three‐party authenticated key exchange (3PAKE) protocol is used to provide the transaction confidentiality and the efficiency. In 2009, Huang proposed a simple three‐party password‐based authenticated key exchange (HS‐3PAKE) protocol without any server's public key. By analysis, Huang claimed that the proposed HS‐3PAKE protocol is not only secure against various attacks, but also more efficient than previously proposed 3PAKE protocols. However, this paper demonstrates that HS‐3PAKE protocol is vulnerable to undetectable online password guessing attacks and off‐line password guessing attacks by any other user. Copyright © 2010 John Wiley & Sons, Ltd.

Full Text
Published version (Free)

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call