Cryptanalysis of Lo et al.'s password based authentication scheme

Abstract

A key exchange protocol allows more than two parties to communicate over the insecure channel to establish common shared secret key called session key. Due to the significance of this notion to establish secure communication among parties, in literature there have been numerous approach have been proposed and analyzed based on their merits and de-merits. Recently, Lo et al. proposed a 3-party Password based Authenticated Key Exchange protocol in which two or more users equipped with pre-shared secrets to the server and can able to generate the session key with the help of the server. They claimed that their approach is resist against any known attacks. However, we observe that their protocol is not secure against against off-line password guessing attack, long term secret compromise attack as well as compromise of previous session can lead to compromise all involving users for future communication. Therefore, in this this paper first we have analyzed these attacks and suggest the improve scheme that overcomes these attacks. © 2013 Springer Science+Business Media.