A security patch for a three-party key exchange protocol |
| |
Authors: | Jianjie Zhao Dawu Gu |
| |
Institution: | 1. School of Information Security Engineering, Shanghai Jiao Tong University, Shanghai, China; 2. Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai, China |
| |
Abstract: | The CLC protocol (proposed by Tzung-Her Chen, Wei-Bin Lee and Hsing-Bai Chen; CLC for short) is a new three-party password-authenticated key exchange (3PAKE) protocol. The CLC protocol provides superior round efficiency (only three rounds), and it requires relatively few computational resources. However, we find that leakage of the values $A_V$ and $B_V$ in the CLC protocol makes a man-in-the-middle attack feasible in practice, where $A_V$ and $B_V$ are the authentication information chosen by the server for the participants A and B. In this paper, we describe our attack on the CLC protocol and further present a modified 3PAKE protocol, which is essentially an improved CLC protocol. Our protocol can resist the available attacks, including the man-in-the-middle attack we mount on the initial CLC protocol. Meanwhile, we allow the participants to choose their own passwords, thus avoiding the danger that the server is controlled in the initialization phase. Also, the computational cost of our protocol is lower than that of the CLC protocol. |
| |
Keywords: | |
This document has been indexed by CNKI, SpringerLink and other databases! |
|