scholarly journals On the Security of a Simple Three-Party Key Exchange Protocol without Server’s Public Keys

2014 ◽  
Vol 2014 ◽  
pp. 1-7 ◽  
Author(s):  
Junghyun Nam ◽  
Kim-Kwang Raymond Choo ◽  
Minkyu Park ◽  
Juryon Paik ◽  
Dongho Won
Keyword(s):  
Real World ◽  
Key Exchange ◽  
Authenticated Key Exchange ◽  
Key Exchange Protocol ◽  
Dictionary Attack ◽  
Security Vulnerabilities ◽  
Network Applications ◽  
Public Keys ◽  
Man In The Middle ◽  
Key Exchange Protocols

Authenticated key exchange protocols are of fundamental importance in securing communications and are now extensively deployed for use in various real-world network applications. In this work, we reveal major previously unpublished security vulnerabilities in the password-based authenticated three-party key exchange protocol according to Lee and Hwang (2010): (1) the Lee-Hwang protocol is susceptible to a man-in-the-middle attack and thus fails to achieve implicit key authentication; (2) the protocol cannot protect clients’ passwords against an offline dictionary attack; and (3) the indistinguishability-based security of the protocol can be easily broken even in the presence of a passive adversary. We also propose an improved password-based authenticated three-party key exchange protocol that addresses the security vulnerabilities identified in the Lee-Hwang protocol.

scholarly journals On the leakage-resilient key exchange

2017 ◽  
Vol 11 (4) ◽  
Author(s):  
Janaka Alawatugoda
Keyword(s):  
Key Exchange ◽  
Authenticated Key Exchange ◽  
Key Exchange Protocol ◽  
Security Models ◽  
Public Keys ◽  
Secret Keys ◽  
Key Exchange Protocols ◽  
Leakage Resilient ◽  
Secure Channels

AbstractTypically, secure channels are constructed from an authenticated key exchange (AKE) protocol, which authenticates the communicating parties based on long-term public keys and establishes secret session keys. In this paper we address the partial leakage of long-term secret keys of key exchange protocol participants due to various side-channel attacks. Security models for two-party authenticated key exchange protocols have been developed over time to provide security even when the adversary learns certain secret values. This paper combines and extends the advances of security modelling for AKE protocols addressing more granular partial leakage of long-term secrets of protocol participants. Further, we fix some flaws in security proofs of previous leakage-resilient key exchange protocols.

Two-Factor Authenticated Key Exchange Protocol in the Three-Party Setting

2012 ◽  
Vol 182-183 ◽  
pp. 2075-2079
Author(s):  
Ren Junn Hwang ◽  
Feng Fu Su ◽  
Loang Shing Huang
Keyword(s):  
Key Exchange ◽  
Smart Cards ◽  
Storage Device ◽  
Authenticated Key Exchange ◽  
Key Exchange Protocol ◽  
Session Key ◽  
The Past ◽  
Resistance Property ◽  
Key Exchange Protocols ◽  
Authenticated Key Exchange Protocol

This paper proposes a three-party authenticated key exchange protocol using two-factor including a password and a token. The proposed protocol allows two users to establish a session key through a trusted server with whom they both share a human-memorable password and a token. Over the past years, many three-party authenticated key exchange protocols have been proposed. However, many proposed protocols use smart cards with tamper-resistance property as tokens. It is not practical by using smart cards because of the high cost and the infrastructure requirements. Therefore, the proposed paper only uses a common storage device such as a USB memory stick. We believe the proposed protocol is suitable for practical scenarios.

scholarly journals ESIKE: An efficient and secure internet key  exchange protocol

2021 ◽  
Author(s):  
marwa ahmim ◽  
Ahmed Ahmim ◽  
Mohamed amine Ferrag ◽  
Nacira ghoualmi-zine ◽  
Leandros Maglaras
Keyword(s):  
Computational Cost ◽  
Key Exchange ◽  
Key Exchange Protocol ◽  
Man In The Middle ◽  
Key Exchange Protocols ◽  
Perfect Forward Secrecy ◽  
High Level ◽  
Use Of Internet ◽  
Low Computational Cost ◽  
Internet Key Exchange

Abstract The use of Internet key exchange protocols in IP Security architecture and in IoT environments has vulnerabilities against various malicious attacks and affects communication efficiency. To address these weaknesses, we propose a novel efficient and secure Internet key exchange protocol (ESIKE), which achieves a high level of security along with low computational cost and energy consumption. ESIKE achieves perfect forward secrecy, anonymity, known-key security and untraceability properties. ESIKE can resist several attacks, such as, replay, DoS, eavesdropping, man-in-the-middle and modification. In addition, the formal security validation using AVISPA tools confirms the superiority of ESIKE in terms of security.

Sign in / Sign up

Export Citation Format

Share Document