[1] Liu Xiumei, Zhou Fucai, Chang Guiran,. Improved key exchange protocol for three-partybased on verifier authentication [J]. Journal of Southeast University (English Edition), 2008, 24 (3): 322-324. [doi:10.3969/j.issn.1003-7985.2008.03.017]

Copy

Improved key exchange protocol for three-partybased on verifier authentication()

Share：

Journal of Southeast University (English Edition)[ISSN:1003-7985/CN:32-1325/N]

Volumn:

24

Issue:

2008 3

Page:

322-324

Research Field:

Information and Communication Engineering

Publishing date:

2008-09-30

Info

Title:

Improved key exchange protocol for three-partybased on verifier authentication

Author(s):

Liu Xiumei¹;  Zhou Fucai²;  Chang Guiran¹

¹ Computer Center, Northeastern University, Shenyang 110004, China
² School of Information Science and Engineering, Northeastern University, Shenyang 110004, China

Keywords:

key exchange for three-party;  password-based authentication;  verifier

PACS:

TN911.22

DOI:

10.3969/j.issn.1003-7985.2008.03.017

Abstract:

To prevent server compromise attack and password guessing attacks, an improved and efficient verifier-based key exchange protocol for three-party is proposed, which enables two clients to agree on a common session key with the help of the server.In this protocol, the client stores a plaintext version of the password, while the server stores a verifier for the password.And the protocol uses verifiers to authenticate between clients and the server.The security analysis and performance comparison of the proposed protocol shows that the protocol can resist many familiar attacks including password guessing attacks, server compromise attacks, man-in-the-middle attacks and Denning-Sacco attacks, and it is more efficient.

References:

[1] Bellovin S M, Merritt M.Encrypted key exchange:password-based protocols secure against dictionary attacks[C]//IEEE Symposium on Security and Privacy. New York:IEEE Press, 1992:72-84.
[2] Jablon D.Strong password-only authenticated key exchange[J].Computer Communication Review, 1996, 26(5):5-26.
[3] Lucks S.Open key exchange:how to defeat dictionary attacks without encrypting public keys[C]//Proceedings of the Security Protocol Workshop. Berlin:Springer-Verlag, 1997:79-90.
[4] Abdalla Michel, Fouque Pierre-Alain, Pointcheval David.Password-based authenticated key exchange in the three-party setting[C]//Lecture Notes in Computer Science. Berlin:Springer-Verlag, 2005:65-84.
[5] Bellovin S M, Merritt M.Augmented encrypted key exchange:a password-based protocol secure against dictionary attacks and password file compromise[R].AT&T Bell Laboratories, 1994.
[6] Kwon T, Kang M, Jung S.An improvement of the password-based authentication protocol(K1P)on security against replay attacks[J].IEICE Transactions on Communications, 1999, E82-B(7):991-997.
[7] Jablon D.Extended password methods immune to dictionary attack[C]//WETICE Enterprise Security Workshop. Cambridge, MA, 1997:248-255.
[8] Sun H M, Chen B C, Hwang T.Secure key agreement protocols for three-party against guessing attacks[J].The Journal of Systems and Software, 2003, 75(1/2):63-68.
[9] Lee S W, Kim H S, Yoo K Y.Efficient verifier-based key agreement protocol for three parties without server’s public key[J].Applied Mathematics and Computation, 2005, 167(1):996-1003.

Memo

Memo:

Biographies: Liu Xiumei(1976—), female, graduate;Chang Guiran(corresponding author), male, professor, chang@neu.edu.cn.
Foundation items: The National High Technology Research and Development Program of China(863 Program)(No.2001AA115300), the Natural Science Foundation of Liaoning Province(No.20031018, 20062023).
Citation: Liu Xiumei, Zhou Fucai, Chang Guiran.Improved key exchange protocol for three-party based on verifier authentication[J].Journal of Southeast University(English Edition), 2008, 24(3):322-324.

Common functions