To prevent server compromise attack and password guessing attacks,an improved and efficient verifier-based key exchange protocol for three-party is proposed,which enables two clients to agree on a common session key w...To prevent server compromise attack and password guessing attacks,an improved and efficient verifier-based key exchange protocol for three-party is proposed,which enables two clients to agree on a common session key with the help of the server.In this protocol,the client stores a plaintext version of the password,while the server stores a verifier for the password.And the protocol uses verifiers to authenticate between clients and the server.The security analysis and performance comparison of the proposed protocol shows that the protocol can resist many familiar attacks including password guessing attacks,server compromise attacks,man-in-the-middle attacks and Denning-Sacco attacks,and it is more efficient.展开更多
基金The National High Technology Research and Development Program of China(863Program)(No.2001AA115300)the Natural Science Foundation of Liaoning Province(No.20031018,20062023)
文摘To prevent server compromise attack and password guessing attacks,an improved and efficient verifier-based key exchange protocol for three-party is proposed,which enables two clients to agree on a common session key with the help of the server.In this protocol,the client stores a plaintext version of the password,while the server stores a verifier for the password.And the protocol uses verifiers to authenticate between clients and the server.The security analysis and performance comparison of the proposed protocol shows that the protocol can resist many familiar attacks including password guessing attacks,server compromise attacks,man-in-the-middle attacks and Denning-Sacco attacks,and it is more efficient.