摘要:Recently Xie et al. [Q. Xie, N. Dong, X. Tan. D. Wong, G. Wang. Improvement of a three-party password-based key exchange protocol with formal verification. Information Technology and Control, 2013, Vol. 42, No. 3, 231-237] proposed an efficient three-party password-based key exchange protocol and used a formal verification tool to verify its security. In this paper, we demonstrate that their protocol is vulnerable to the off-line password guessing attack and the key compromise impersonation attack. The analysis shows that their protocol is not secure for practical applications. To overcome weaknesses in Xie et al.’s protocol, we also propose an improved 3PAKE protocol. Analysis shows that our protocol not only overcomes those weaknesses, but also has better performance. Therefore, our protocol is more suitable for practical applications.
