Two Undetectable On-line Dictionary Attacks on Debiao et al.’s S-3PAKE Protocol

Sung-Bae Choi; Sang-Yoon Yoon; Eun-Jun Yoon

Commenced in January 2007

Frequency: Monthly

Edition: International

Paper Count: 32799

Two Undetectable On-line Dictionary Attacks on Debiao et al.’s S-3PAKE Protocol

Authors: Sung-Bae Choi, Sang-Yoon Yoon, Eun-Jun Yoon

Abstract:

In 2011, Debiao et al. pointed out that S-3PAKE protocol proposed by Lu and Cao for password-authenticated key exchange in the three-party setting is vulnerable to an off-line dictionary attack. Then, they proposed some countermeasures to eliminate the security vulnerability of the S-3PAKE. Nevertheless, this paper points out their enhanced S-3PAKE protocol is still vulnerable to undetectable on-line dictionary attacks unlike their claim.

Keywords: Authentication, 3PAKE, password, three-party key exchange, network security, dictionary attacks.

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1334976

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1599

References:

[1] R. Lu and Z. Cao, "Simple three-party key exchange protocol," Computers & Security, vol. 26, no. 1, pp. 94-97, 2007.
[2] M. Abdalla and D. Pointcheval, "Simple password-based encrypted key exchange protocols," in Proc. CT-RSA-05, LNCS vol. 3376, pp. 191-208, 2005.
[3] H.-R. Chung and W.-C. Ku, "Three weaknesses in a simple three-party key exchange protocol," Inform. Sciences, vol. 178, no. 1, pp. 220.229, 2008.
[4] H. Guo, Z. Li, Y. Mu, and X. Zhang, "Cryptanalysis of simple threeparty key exchange protocol," Computers & Security, vol. 27, no. 1, pp. 16-21, 2008.
[5] R. C.-W. Phan, W.-C. Yau, and B.-M. Goi, "Cryptanalysis of simple threeparty key exchange protocol (S-3PAKE)," Inform. Sciences, vol. 178, no. 13, pp. 2849-2856, 2008.
[6] J. Nam, J. Paik, H.-K. Kang, U.-M. Kim, and D. Won, "An off-line dictionary attack on a simple three-party key exchange protocol," IEEE Commun. Lett., vol. 13, no. 3, pp. 205-207, 2009.
[7] H. Debiao, C. Jianhua, and H. Jin, "Cryptanalysis of a simple three-party key exchange protocol," Informatica, vol. 34, pp. 337-339, 2010.
[8] H.-S Kim and J.-Y. Choi, "Enhanced password-based simple three-party key exchange protocol," Computers & Electrical Engineering, vol. 35, pp. 107-114, 2009.
[9] Y. Ding and P. Horster, "Undetectable on-line password guessing attacks," ACM Operating Systems Review, vol. 29, no. 4, pp. 77-86, 1995.
[10] H.-J. Kim and E.-J. Yoon, "Cryptanalysis of an enhanced simple three-party key exchange protocol," Communications in Computer and Information Science, vol. 259, pp. 167-176, 2011.