Special Issue Paper
Security analysis and enhancement for three-party password-based authenticated key exchange protocol
Article first published online: 30 MAR 2011
Copyright © 2011 John Wiley & Sons, Ltd.
Security and Communication Networks
Volume 5, Issue 3, pages 273–278, March 2012
How to Cite
Zhao, J., Gu, D. and Zhang, L. (2012), Security analysis and enhancement for three-party password-based authenticated key exchange protocol. Security Comm. Networks, 5: 273–278. doi: 10.1002/sec.316
- Issue published online: 24 FEB 2012
- Article first published online: 30 MAR 2011
- Science and Technology Commission of Shanghai Municipality. Grant Number: 10DZ1500202
- National Natural Science Foundation of China. Grant Number: 61073150
- information security;
- key agreement;
- man-in-the-middle attack
Recently, Tzung-Her Chen, Wei-Bin Lee, and Hsing-Bai Chen (CLC) proposed a new three-party password-based authenticated key exchange (3PAKE) protocol. This CLC protocol needs not store the security-sensitive table on the server side, which reduces the danger of the server being compromised; also, it has the advantage in terms of the round efficiency and computational cost. However, we find that the leakage of values VA and VB in the CLC protocol will make a man-in-the-middle attack feasible in practice. On the basis of this finding, we present a modified 3PAKE protocol called I-CLC protocol, which is essentially an improved CLC protocol. I-CLC can resist attacks available, including the man-in-the-middle attack that we mentioned on the initial CLC protocol. Meanwhile, the new protocol allows that the participants choose their own passwords by themselves; additionally, the computation cost of I-CLC is lower than that of CLC protocol. Copyright © 2011 John Wiley & Sons, Ltd.