Abstract  This paper discusses the security for a simple and efficient three"party password"based authenticated key exchange protocol proposed by Huang most recently. Our analy sis shows her protocol is still vulnerable to three kinds of attacks: 1). undetectable on"line dictionary attacks, 2). ke y"compromise impersonation attack. Thereafter we pr opose an enhanced protocol that can defeat the attacks described and yet is reasonably efficient.

References

[1] Abdalla M., Bresson E., Chevassut O., M ller B., and Pointcheval D., Provably Secure Password-Based Authentication in TLS, in Proceedings of the 1 st ACM Symposium on Information, Computer and Communications Security , USA, pp. 35-45, 2006.

[2] Abdalla M., Fouque P., and Pointcheval D., Password-Based Authenticated Key Exchange in the Three-Party Setting, in Proceedings of IEEE Information Security , vol. 153, pp. 27-39, 2006,

[3] Abdalla M. and Pointcheval D., Simple Password-Based Encrypted Key Exchange Protocols, in Proceedings of the International Conference on Topics in Cryptology , USA, vol. 3376, pp. 191-208, 2005.

[4] Abdalla M. and Pointcheval D., Interactive Diffie-Hellman Assumptions with Applications to Password-Based Authentication, in Proceedings of the 9 th International Conference on Financial Cryptography , Berlin, pp. 341-356, 2005.

[5] Bellovin S. and Merritt M., Encrypted key Exchange: Password-Based Protocols Secure Against Dictionary Attacks, in Proceedings of Enhancements of a Three"party Password"based Authenticated Key Exchange Protocol 221 IEEE Symposium on Security and Privacy , USA, pp. 72-84, 1992.

[6] Boyd C. and Mathuria A., Protocols for Authentication and Key Establishment , Springer- Verlag, 2003.

[7] Bresson E., Chevassut O., and Pointcheval D., New Security Results on Encrypted Key Exchange, in Proceedings of Public Key Cryptography , Berlin, pp. 145-158, 2004.

[8] Choo K., Boyd C., and Hitchcock Y., Examining Indistinguishability-Based Proof Models for Key Establishment Protocols, in Proceedings of the 11 th International Conference on Theory and Application of Cryptology and Information Security , Heidelberg, pp. 585-604, 2005.

[9] Chung H. and Ku W., Three Weaknesses in a Simple Three-Party Key Exchange Protocol, Information Science , vol. 178, no. 1, pp. 220-229, 2008.

[10] Guo H., Li Z., Mu Y., and Zhang X., Cryptanalysis of Simple Three-Party Key Exchange Protocol, Computers and Security , vol. 27, no. 1-2, pp. 16-21, 2008.

[11] Hassan M. and Abdullah A., A New Grid Resource Discovery Framework, The International Arab Journal of Information Technology , vol. 8, no. 1, pp. 99-107, 2011.

[12] Huang H., A Simple Three-Party Password- Based Key Exchange Protocol, International Journal of Communications and Systems , vol. 22, no. 7, pp. 857-862, 2009.

[13] Kim H. and Choi J., Enhanced Password-Based Simple Three-Party Key Exchange Protocol, Computers and Electrical Engineering , vol. 35, no. 1, pp. 107-114, 2009.

[14] Kobara K. and Imai H., Pretty-simple Password- Authenticated Key-Exchange Under Standard Assumptions, IEICE Transactions , vol. E85-A, no. 10, pp. 2229-2237, 2002.

[15] Lee T., Hwang T., and Lin C., Enhanced Three- Party Encrypted Key Exchange Without Server s Public Keys, Computers and Security , vol. 23, no. 7, pp. 571-577, 2004.

[16] Lee S., Kim H., and Yoo K., Efficient Verifier- Based Key Agreement For Three Parties Without Server s Public Key, Applied Mathematics and Computation , vol. 167, no. 2, pp. 996-1003, 2005.

[17] Lin C., Sun H. and Hwang T., Three-Party Encrypted Key Exchange Attacks and A Solution, ACM Operating Systems Review , vol. 34, no. 4, pp. 12-20, 2000.

[18] Lin C., Sun H., Steiner M., and Hwang T., Three-Party Encrypted Key Exchange Without Server s Public Keys, IEEE Communications Letters , vol. 5, no. 12, pp. 497-499, 2001.

[19] Lu R. and Cao Z., Simple Three-Party Key Exchange Protocol, Computers and Security , vol. 26, no. 1, pp. 94-97, 2007.

[20] MacKenzie P., The PAK Suite: Protocols for Password-Authenticated Key Exchange, Technical Report , DIMACS Center, Rutgers University, Contributions to IEEE P1363.2, 2002.

[21] Nam J., Paik J., Kang H., Kim U., and Won D., An Off-Line Dictionary Attack on A Simple Three-Party Key Exchange Protocol, IEEE Communications Letters , vol. 13, no. 3, pp. 205- 207, 3009.

[22] Phan R., Yau W., and Goi B., Cryptanalysis of Simple Three-Party Key Exchange Protocol (S- 3PAKE), Information Science , vol. 178, no. 13, pp. 2849-2856, 2008.

[23] Wang W. and Hu L., Efficient and Provably Secure Generic Construction of Three-Party Password-Based Authenticated Key Exchange Protocols, in Proceedings of the 7 th International Conference On Cryptology , India, pp. 118-132, 2006.

[24] Yoon E. and Yoo K., Cryptanalysis of a Simple Three-Party Password-Based Key Exchange Protocol, International Journal of Communication Systems , vol. 24, no. 4, pp. 532- 542, 2011. Shuhua Wu is a lecturer at Networks Engineering Department, Information Science Technology Institute, China. Currently, he is a postdoctor at the Department of Computer Science and Engineering, Shanghai Jiaotong University. His research interests include cryptology and communication protocols. Kefei Chen he received his PhD degree in Justus Liebig University Giessen, Germany, in 1994. His main research areas are classical and modern cryptography, theory and technology of network security, etc. Since 1996, he came to Shanghai Jiaotong University and became the professor at the Department of Computer Science and Engineering. Up to now (1996-2007), he has published more than 80 academic papers on cryptology. Yuefei Zhu is a professor of Networks Engineering Department, Information Science Technology Institute, China. His research interests include cryptology and information security.