The key exchange protocol is one of the most elegant ways of establishing secure communication between pair of users by using a session key. The passwords are of low entropy, hence the protocol should resist all types of password guessing attacks. Recently ECC-3PEKE protocol has been proposed by Chang and Chang. They claimed the protocol is secure, efficient and practical. Unless their claims Yoon and Yoo presented an Undetectable online password guessing attack on the above protocol. A key recovery attack was proved on ECC-3PEKE protocol using the Undetectable online password guessing attack proposed by Yoon and Yon. In the present paper an Impersonation attack on ECC-3PEKE protocol using the Undetectable online password guessing attack proposed by Yoon and Yon is demonstrated.
展开▼
