---

Cryptanalysis of Yang-Li-Liao’s Simple Three-Party Key Exchange (S-3PAKE) Protocol

Year: 2013 Volume: 7 Issue: 10 1328 - 1332 Pages

• Authors:
• Hae-Soon Ahn
• Eun-Jun Yoon

Abstract: Three-party password authenticated key exchange (3PAKE) protocols are widely deployed on lots of remote user authentication system due to its simplicity and convenience of maintaining a human-memorable password at client side to achieve secure communication within a hostile network. Recently, an improvement of 3PAKE protocol by processing a built-in data attached to other party for identity authentication to individual data was proposed by some researchers. However, this paper points out that the improved 3PAKE protocol is still vulnerable to undetectable on-line dictionary attack and off-line dictionary attack.

• Keywords:
• Three-party key exchange
• 3PAKE
• Passwordauthenticated key exchange
• Network security
• Dictionary attack

Two Undetectable On-line Dictionary Attacks on Debiao et al.’s S-3PAKE Protocol

Year: 2012 Volume: 6 Issue: 8 1063 - 1066 Pages

• Authors:
• Sung-Bae Choi
• Sang-Yoon Yoon
• Eun-Jun Yoon

Abstract: In 2011, Debiao et al. pointed out that S-3PAKE protocol proposed by Lu and Cao for password-authenticated key exchange in the three-party setting is vulnerable to an off-line dictionary attack. Then, they proposed some countermeasures to eliminate the security vulnerability of the S-3PAKE. Nevertheless, this paper points out their enhanced S-3PAKE protocol is still vulnerable to undetectable on-line dictionary attacks unlike their claim.

• Keywords:
• Authentication
• 3PAKE
• password
• three-party key exchange
• network security
• dictionary attacks.