کد مقاله | کد نشریه | سال انتشار | مقاله انگلیسی | نسخه تمام متن |
---|---|---|---|---|
454986 | 695326 | 2009 | 8 صفحه PDF | دانلود رایگان |
Due to the simplicity of maintaining human memorable passwords without any assistant storage device, password-based three-party encrypted key exchange (3PEKE) protocol has become one of the most promising research fields on user authentication and secure communication. In 2008, Chen et al. and Yoon and Yoo both pointed that Chang and Chang's password-based 3PEKE scheme cannot resist against undetectable on-line password guessing attacks, and then respectively proposed an improved protocol to eliminate the security vulnerability. However, based on the security analyses conducted by us, we find that both of their protocols are still vulnerable against undetectable on-line password guessing attacks. Accordingly, we develop a novel 3PEKE protocol to remedy these authentication flaws. Moreover, our proposed protocol can achieve better performance efficiency by requiring only four message transmission rounds. In conclusion, we can claim that our proposed 3PEKE protocol is more secure and efficient in comparison with the protocols proposed by Chen et al. and Yoon and Yoo.
Journal: Computer Standards & Interfaces - Volume 31, Issue 6, November 2009, Pages 1167–1174