Abstract

Recently, Guo et al. discovered some security flaws of the simple three-party key exchange protocol proposed by Lu and Cao, and proposed an improved protocol. Independently, Chung and Ku also showed some weaknesses of Lu and Cao's protocol, and provided an improved protocol. In this paper, we review some insecurity of Lu and Cao's protocol and analyze two improved protocols proposed by Guo et al. and Chung and Ku. Then we show that the protocols are still insecure. They are vulnerable to an adversary who performs an off-line password guessing attack. We provide a countermeasure by performing detailed analysis on the security flaws in two improved protocols. We also propose a secure three-party password-authenticated key exchange protocol which requires three rounds.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.