| 发表状态 | 已发表Published |
| 题名 | Finding and fixing vulnerabilities in several three-party password authenticated key exchange protocols without server public keys |
| 作者 | |
| 发表日期 | 2013-06-20 |
| 发表期刊 | Information Sciences
 |
| ISSN/eISSN | 0020-0255 |
| 卷号 | 235页码:329-340 |
| 摘要 | Three-party password-based authenticated key exchange (3PAKE) protocols allow two users (clients) to establish a session key with the support from an authenticated server over an insecure channel. Several 3PAKE protocols, which do not require server public keys, have been proposed recently. In this paper, we use Chang, et al.'s protocol as a case study and demonstrate that all of the 3PAKE protocols without server public keys are not secure against Key Compromise Impersonation (KCI) attack. A detailed analysis of flaw in these protocols has been conducted and we hope that by identifying this design flaw, similar structural mistakes can be avoided in future designs. Furthermore, we propose an improved protocol that remedies the weakness of these protocols and prove its security in a widely accepted model. © 2012 Elsevier Inc. All rights reserved. |
| 关键词 | Authentication Key Compromise Impersonation (KCI) attack Password-based Three-party key exchange |
| DOI | 10.1016/j.ins.2013.02.004 |
| URL | 查看来源 |
| 收录类别 | SCIE |
| 语种 | 英语English |
| WOS研究方向 | Computer Science |
| WOS类目 | Computer Science, Information Systems |
| WOS记录号 | WOS:000317887100023 |
| Scopus入藏号 | 2-s2.0-84875929826 |
| 引用统计 | |
| 文献类型 | 期刊论文 |
| 条目标识符 | https://repository.uic.edu.cn/handle/39GCC9TT/13536 |
| 专题 | 个人在本单位外知识产出 |
| 通讯作者 | Xiong, Hu |
| 作者单位 | 1.School of Computer Science and Engineering,University of Electronic Science and Technology of China,Chengdu,China 2.State Key Laboratory of Rail Traffic Control and Safety,Beijing Jiao Tong University,Beijing,China 3.Institute of Software,School of Electronics Engineering and Computer Science,Peking University,Beijing,China 4.State Key Laboratory of Information Security,Institute of Software,Chinese Academy of Sciences,Beijing,China |
| 推荐引用方式 GB/T 7714 | Xiong, Hu,Chen, Yanan,Guan, Zhiet al. Finding and fixing vulnerabilities in several three-party password authenticated key exchange protocols without server public keys[J]. Information Sciences, 2013, 235: 329-340. |
| APA | Xiong, Hu, Chen, Yanan, Guan, Zhi, & Chen, Zhong. (2013). Finding and fixing vulnerabilities in several three-party password authenticated key exchange protocols without server public keys. Information Sciences, 235, 329-340. |
| MLA | Xiong, Hu,et al."Finding and fixing vulnerabilities in several three-party password authenticated key exchange protocols without server public keys". Information Sciences 235(2013): 329-340. |
| 条目包含的文件 | 条目无相关文件。 | |||||
| 个性服务 |
| 查看访问统计 |
| 谷歌学术 |
| 谷歌学术中相似的文章 |
| [Xiong, Hu]的文章 |
| [Chen, Yanan]的文章 |
| [Guan, Zhi]的文章 |
| 百度学术 |
| 百度学术中相似的文章 |
| [Xiong, Hu]的文章 |
| [Chen, Yanan]的文章 |
| [Guan, Zhi]的文章 |
| 必应学术 |
| 必应学术中相似的文章 |
| [Xiong, Hu]的文章 |
| [Chen, Yanan]的文章 |
| [Guan, Zhi]的文章 |
| 相关权益政策 |
| 暂无数据 |
| 收藏/分享 |
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。
学校主页 
图书馆
修改评论