Unknown key share attack on STPKE' protocol

Abstract

Three-party authenticated key exchange protocol is an important cryptographic technique in the secure communication areas, by which two clients, each shares a human-memorable password with a trusted server, can agree a secure session key. Recently, Lu and Cao proposed a simple three party password-based key exchange protocol (STPKE protocol). They claimed that their protocol is secure, efficient and practical. Unlike their claims, Kim & Choi proved that the STPKE protocol is vulnerable to Undetectable on-line password guessing attacks, and suggested an enhanced protocol (STPKE' protocol). In this paper, an Unknown key share attack on STPKE' protocol is demonstrated.The attack is implemented using a comprehensive set of experiments and reported. Additionally, the countermeasures to resist the above attack are discussed. © 2010 Springer-Verlag Berlin Heidelberg.