cryptanalysis of an efficient three-party key exchange protocol

In a three party authenticated key exchange protocol, two clients intend to establish a session key with the help of the trusted server, during which the authentication is realized by messages exchange about password which is shared between each client and the trusted server. In 2009, Huang proposed an efficient three party authenticated key exchange for mobile communications without the server's public key and stated that it can resist various attacks and receive high efficiency. However, this paper demonstrates that Huang's protocol is vulnerable to undetectable online password guessing attacks and off-line password guessing attacks. © 2012 IEEE.In a three party authenticated key exchange protocol, two clients intend to establish a session key with the help of the trusted server, during which the authentication is realized by messages exchange about password which is shared between each client and the trusted server. In 2009, Huang proposed an efficient three party authenticated key exchange for mobile communications without the server's public key and stated that it can resist various attacks and receive high efficiency. However, this paper demonstrates that Huang's protocol is vulnerable to undetectable online password guessing attacks and off-line password guessing attacks. © 2012 IEEE