Skip to Main Content
In 2005, Lee and Lee pointed out that Lee N.Y. et al.'s password based authenticated key agreement protocol is vulnerable to a man-in-the-middle attack, and then proposed an improvement to overcome the attack. The current paper, however, demonstrates that Lee and Lee's password based authenticated key agreement protocol is still vulnerable to off-line password guessing attacks. We also propose an improvement to the protocol in order to overcome such attacks.