Unknown Key Share Attack on STPKE’ Protocol

Abstract

Three-party authenticated key exchange protocol is an important cryptographic technique in the secure communication areas, by which two clients, each shares a human-memorable password with a trusted server, can agree a secure session key. Recently, Lu and Cao proposed a simple three party passwordbased key exchange protocol (STPKE protocol). They claimed that their protocol is secure, efficient and practical. Unlike their claims, Kim & Choi proved that the STPKE protocol is vulnerable to Undetectable on-line password guessing attacks, and suggested an enhanced protocol (STPKE’ protocol). In this paper, an Unknown key share attack on STPKE’ protocol is demonstrated. The attack is implemented using a comprehensive set of experiments and reported. Additionally, the countermeasures to resist the above attack are discussed