Authentication and key exchange are fundamental for establishing secure communication channels over public, insecure networks. Password-based protocols for authenticated key exchange are designed to work even when users authenticate with passwords drawn from a small, known set of values. In 1995, Steiner et al. proposed a three-party password-based authenticated key exchange protocol, in which the two clients trying to establish a common secret key do not share a password with each other but only with a trusted server. Recently, Hung-Min Sun et al. proposed an attack on Steiner et al.'s protocol and proposed a new three-party key agreement protocol. They claimed that their protocol prevents all kinds of attacks. However, in this paper, we show that Hung-Min Sun et al.'s protocol is insecure. Furthermore, a new improved protocol is proposed.