Skip to Main Content
In 2008, Yoon and Yoo  proposed a password-based 3PEKE scheme, which can improve some secure weaknesses of the password-based 3PEKE scheme . However, in 2009, Lo and Yeh  shown that the 3PEKE scheme  cannot resist undetectable on-line password guessing attacks and proposed a new approach to solve this problem. Although they actually propose an improved approach, the exchange-message roles are quite different from the traditional 3PEKE schemes [2–5, 8, 10–13, 15, 17–10, 21, 22] in which the key information be exchanged between just one specific client and server. That is, a client will still act as the intermediate role who exchanges the messages flow between the other client and server. In other words, both clients  will exchange key information with server, individually. Therefore, we propose an approach, which is called Three-party Encrypted Key Exchange Protocol with Protected Password Authentication (3PEKE-PPA), to improve the traditional password-based 3PEKE scheme. Our scheme can achieve effective implement and resist undetectable on-line password guessing attacks.
Date of Conference: 4-6 Aug. 2010