JISE

[1] [2] [3] [4] [5] [6] [7] [8] [9] [10]

Journal of Information Science and Engineering, Vol. 19 No. 6, pp. 1059-1070

Efficient Three-Party Authentication and Key Agreement Protocols Resistant to Password Guessing Attacks

Her-Tyan Yeh, Hung-Min Sun^* and Tzonelih Hwang^**
Department of Information and Communication
Southern Taiwan University of Technology
Tainan, 710 Taiwan
E-mail: htyeh@mail.stut.edu.tw
^*Department of Computer Science
National Tsing Hua University
Hsinchu, 300 Taiwan
E-mail; hmsun@cs.nthu.edu.tw
^**Department of Computer Science and Information Engineering
National Cheng Kung University
Tainan, 701 Taiwan

Three-party EKE was proposed to establish a session key between two clients through a server. However, three-party EKE is insecure against undetectable on-line and off-line password guessing attacks. In this paper, we first propose an enhanced three-party EKE to withstand the security risk in three-party EKE. We also propose a verifier-based three-party EKE that is more secure than a plaintext-equivalent mechanism in which a compromise of the server’s database will not result in success in directly impersonating clients.

Keywords: network protocol, authentication, key agreement, password guessing attack, perfect forward secrecy

Retrieve PDF document (JISE_200306_09.pdf)