Recently, Zhu et al. proposed a password authenticated key exchange protocol based on RSA. Then, Yeh et al. demonstrated that Zhu et al.’s protocol suffers from the undetectable password-guessing attacks and proposed an improved version. However, there are still some security flaws in Yeh et al.’s proposed protocol. Moreover, the computation load of the wireless device is not light enough. For lightening the computation load, a secure and practical protocol is presented in this paper. D 2004 Elsevier B.V. All rights reserved.

This article proposes an efficient, less communication rounds, three-party encrypted key exchange protocol to achieve the authentication requirement. The protocol is provided with (1) no asymmetric encryption algorithm which is adopted to reduce the costs (such as any public-key infrastructure); (2) using pre-shared key to prevent adversaries that masquerade as legal users after guessing attacks; (3) avoiding the variant man-in-the-middle attacks on Diffie-Hellman based protocols; (4) achieving mutual authentication. With these four features, the proposed protocol is suitable for being applied for establishing secure channels between two clients, which are supported with the same trusted server. Keywords: Three-party encrypted key exchange, secure channels, guessing attacks. 1.

The key exchange protocol using passwords achieved great attention due to its simplicity and efficiency. Recently, Chang proposed a practical three-party key exchange (C-3 PEKE) protocol with round efficiency. Later, Lee and Chang presented an off-line password guessing attack on C-3 PEKE protocol. In the present paper, an impersonation-of-the initiator attack and impersonation-of-the responder attack are demonstrated on C-3 PEKE protocol using the off-line password guessing attack proposed by Lee and Chang..Keywords- C-3 PEKE protocol, off-line password guessing attack, impersonation-of-the-initiator attack, impersonation-ofthe-responder attack 1.

key exchange protocol

Abstract: This paper discusses the security for a simple and efficient three-party password-based authenticated key exchange protocol proposed by Huang most recently. Our analysis shows her protocol is still vulnerable to three kinds of attacks: (1) undetectable on-line dictionary attacks; and (2) key-compromise impersonation attack. Thereafter we propose an enhanced protocol that can defeat the attacks described and yet is reasonably efficient.