What Public Keys Can Do for 3-Party, Password-Authenticated Key Exchange

2014 ◽  
pp. 83-101
Author(s):  
Jean Lancrenon
Keyword(s):  
Key Exchange ◽  
Authenticated Key Exchange ◽  
Public Keys

Simple password-based three-party authenticated key exchange without server public keys

2010 ◽  
Vol 180 (9) ◽  
pp. 1702-1714 ◽  
Author(s):  
Tian-Fu Lee ◽  
Tzonelih Hwang
Keyword(s):  
Key Exchange ◽  
Authenticated Key Exchange ◽  
Public Keys

scholarly journals On the leakage-resilient key exchange

2017 ◽  
Vol 11 (4) ◽  
Author(s):  
Janaka Alawatugoda
Keyword(s):  
Key Exchange ◽  
Authenticated Key Exchange ◽  
Key Exchange Protocol ◽  
Security Models ◽  
Public Keys ◽  
Secret Keys ◽  
Key Exchange Protocols ◽  
Leakage Resilient ◽  
Secure Channels

AbstractTypically, secure channels are constructed from an authenticated key exchange (AKE) protocol, which authenticates the communicating parties based on long-term public keys and establishes secret session keys. In this paper we address the partial leakage of long-term secret keys of key exchange protocol participants due to various side-channel attacks. Security models for two-party authenticated key exchange protocols have been developed over time to provide security even when the adversary learns certain secret values. This paper combines and extends the advances of security modelling for AKE protocols addressing more granular partial leakage of long-term secrets of protocol participants. Further, we fix some flaws in security proofs of previous leakage-resilient key exchange protocols.

scholarly journals On the Security of a Simple Three-Party Key Exchange Protocol without Server’s Public Keys

2014 ◽  
Vol 2014 ◽  
pp. 1-7 ◽  
Author(s):  
Junghyun Nam ◽  
Kim-Kwang Raymond Choo ◽  
Minkyu Park ◽  
Juryon Paik ◽  
Dongho Won
Keyword(s):  
Real World ◽  
Key Exchange ◽  
Authenticated Key Exchange ◽  
Key Exchange Protocol ◽  
Dictionary Attack ◽  
Security Vulnerabilities ◽  
Network Applications ◽  
Public Keys ◽  
Man In The Middle ◽  
Key Exchange Protocols

Authenticated key exchange protocols are of fundamental importance in securing communications and are now extensively deployed for use in various real-world network applications. In this work, we reveal major previously unpublished security vulnerabilities in the password-based authenticated three-party key exchange protocol according to Lee and Hwang (2010): (1) the Lee-Hwang protocol is susceptible to a man-in-the-middle attack and thus fails to achieve implicit key authentication; (2) the protocol cannot protect clients’ passwords against an offline dictionary attack; and (3) the indistinguishability-based security of the protocol can be easily broken even in the presence of a passive adversary. We also propose an improved password-based authenticated three-party key exchange protocol that addresses the security vulnerabilities identified in the Lee-Hwang protocol.

Sign in / Sign up

Export Citation Format

Share Document