On the Security of a Simple Three-Party Key Exchange Protocol without Server’s Public Keys

JunghyunNam; Kim-Kwang RaymondChoo; MinkyuPark; JuryonPaik; DonghoWon

首页> 外文期刊>ScientificWorldJournal >On the Security of a Simple Three-Party Key Exchange Protocol without Server’s Public Keys

【24h】

On the Security of a Simple Three-Party Key Exchange Protocol without Server’s Public Keys

机译：关于一个没有服务器公钥的简单三方密钥交换协议的安全性

获取原文

获取外文期刊封面封底 >>

开具论文收录证明 >>

文献代查 >>

团队文献服务 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

Authenticated key exchange protocols are of fundamental importance in securing communications and are now extensively deployed for use in various real-world network applications. In this work, we reveal major previously unpublished security vulnerabilities in the password-based authenticated three-party key exchange protocol according to Lee and Hwang (2010): (1) the Lee-Hwang protocol is susceptible to a man-in-the-middle attack and thus fails to achieve implicit key authentication; (2) the protocol cannot protect clients’ passwords against an offline dictionary attack; and (3) the indistinguishability-based security of the protocol can be easily broken even in the presence of a passive adversary. We also propose an improved password-based authenticated three-party key exchange protocol that addresses the security vulnerabilities identified in the Lee-Hwang protocol.

机译：经过身份验证的密钥交换协议在保护通信方面具有基本的重要性，现在广泛部署用于各种真实网络应用程序。在这项工作中，我们根据Lee和Hwang（2010年）的基于密码的认证三方关键交换协议，揭示了先前未发表的安全漏洞：（1）李 - 旺议定书易于一个人 - 中间攻击，因此未能实现隐式的密钥认证; （2）协议无法保护客户的密码免受离线词典攻击; （3）即使在存在被动对手的情况下，协议的基于禁止的基于无法区分的安全性也可以很容易地打破。我们还提出了一种改进的基于密码的身份验证三方密钥交换协议，该协议解决了Lee-Hwang协议中标识的安全漏洞。

著录项

来源
《ScientificWorldJournal 》 |2014年第3期| 共7页
作者
JunghyunNam; Kim-Kwang RaymondChoo; MinkyuPark; JuryonPaik; DonghoWon;
展开▼
作者单位

展开▼
收录信息
原文格式 PDF
正文语种
中图分类
关键词

相似文献

外文文献
中文文献
专利

1. Finding and fixing vulnerabilities in several three-party password authenticated key exchange protocols without server public keys [J] . Xiong H., Chen Y., Guan Z., Information Sciences: An International Journal . 2013 ,第Null期

机译：在没有服务器公钥的情况下查找和修复多个经过三方密码验证的密钥交换协议中的漏洞
2. Improvement of a chaotic maps-based three-party password-authenticated key exchange protocol without using server's public key and smart card [J] . Xie Qi, Hu Bin, Wu Ting Nonlinear dynamics . 2015 ,第4期

机译：无需使用服务器的公钥和智能卡，即可改进基于混沌地图的第三方密码验证密钥交换协议
3. A Provably Secure Three-Party Password Authenticated Key Exchange Protocol without Using Server's Public-Keys and Symmetric Cryptosystems [J] . Engineering Economics . 2015 ,第2期

机译：无需使用服务器的公共密钥和对称密码系统的，经过安全保护的第三方密码验证密钥交换协议
4. On the Security of Lv et al.'s Three-Party Authenticated Key Exchange Protocol Using One-Time Key [C] . Eun-Jun Yoon IEEE International Conference on Advanced Infocomm Technology . 2013

机译：关于LV等人的安全。使用一次性键的三方经过验证密钥交换协议
5. Adapting group key management protocols to wireless, ad-hoc networks without the assumption of view synchrony. [D] . Manz, David. 2010

机译：在不考虑视图同步的情况下，将组密钥管理协议调整为适用于无线，自组织网络。
6. On the Security of a Simple Three-Party Key Exchange Protocol without Servers Public Keys [O] . Junghyun Nam, Kim-Kwang Raymond Choo, Minkyu Park, -1

机译：没有服务器公钥的简单三方密钥交换协议的安全性
7. The Three-Party Password Authenticated Key Exchange Protocol with Stronger Security [O] . Ding Xiao-fei, Ma Chuan-gui 2014

机译：具有更强安全性的三方密码认证密钥交换协议
8. Simple Public Key Infrastructure Protocol Analysis and Design [R] . Vidergar, A. G. 2005

机译：简单的公钥基础设施协议分析与设计

On the Security of a Simple Three-Party Key Exchange Protocol without Server’s Public Keys

摘要

著录项

相似文献

相关主题

期刊订阅