Password-based mechanism is the widely used method for authentication since it allows people to choose their own passwords without any assistant device to generate or store. However, people are used to choose easy-to-remember passwords such that guessing attacks could succeed. In 1992, Bellovin and Merritt proposed Encrypted Key Exchange (EKE) protocols for preventing guessing attacks, in which two communication parties A and B securely share a possibly weak password in advance. In large communication environments, it is inconvenient in key management that every two communication parties mutually share a secret. Three-party EKE protocols, in which all parties (clients) share their secrets with a trusted server only, are more suitable for large communication environments. In 1995, Steiner, Tsudik and Waidner proposed a realization of three-party EKE protocol which is later demonstrated that it is vulnerable to undetectable on-line guessing attacks. In this paper, We will show a new off-line guessing attack on Steiner, Tsudik and Waidners' protocol. Besides, we will also propose a new three-party EKE protocol which not only is secure against both the off-line guessing attack and undetectable on-line guessing attacks but also satisfies the security properties of perfect forward secrecy and known-key security.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	W. Diffie and M. E. Hellman, New directions in cryptography, IEEE Trans.,IT-22, pp. 644-654, 1976.
	2	Robert Morris , Ken Thompson, Password security: a case history, Communications of the ACM, v.22 n.11, p.594-597, Nov. 1979  [doi>10.1145/359168.359172]
	3	Steven M. Bellovin , Michael Merritt, Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks, Proceedings of the 1992 IEEE Symposium on Security and Privacy, p.72, May 04-06, 1992
	4	Steven M. Bellovin , Michael Merritt, Augmented encrypted key exchange: a password-based protocol secure against dictionary attacks and password file compromise, Proceedings of the 1st ACM conference on Computer and communications security, p.244-250, November 03-05, 1993, Fairfax, Virginia, United States  [doi>10.1145/168588.168618]
	5	L. Gong, M. Lomas, R. Needham and J. Saltzer, Protecting Poorly Chosen Secrets from Guessing Attacks, IEEE Journal on Selected Areas in Communications,11(5), pp. 648-656, 1993.
	6	Yun Ding , Patrick Horster, Undetectable on-line password guessing attacks, ACM SIGOPS Operating Systems Review, v.29 n.4, p.77-86, Oct. 1995  [doi>10.1145/219282.219298]
	7	Li Gong, Optimal authentication protocols resistant to password guessing attacks, Proceedings of the The Eighth IEEE Computer Security Foundations Workshop (CSFW '95), p.24, March 13-15, 1995
	8	Michael Steiner , Gene Tsudik , Michael Waidner, Refinement and extension of encrypted key exchange, ACM SIGOPS Operating Systems Review, v.29 n.3, p.22-30, July 1995  [doi>10.1145/206826.206834]
	9	David P. Jablon, Strong password-only authenticated key exchange, ACM SIGCOMM Computer Communication Review, v.26 n.5, p.5-26, Oct. 1996  [doi>10.1145/242896.242897]
	10	B. Jaspan, Dual-workfactor Encrypted Key Exchange: Efficiently Preventing Password Chaining and Dictionary Attacks, Proceedings of the Sixth Annual USENIX Security Conference, pp. 43-50, 1996.
	11	Taekyoung Kwon , Myeong Kang , Jooseok Song, An Adaptable and Reliable Authentication Protocol for Communication Networks, Proceedings of the INFOCOM '97. Sixteenth Annual Joint Conference of the IEEE Computer and Communications Societies. Driving the Information Revolution, p.737, April 09-11, 1997
	12	T. Wu, The Secure Remote Password Protocol, Internet Society Symposium on Network and Distributed System Security, 1998.
	13	T. Kwon, M. Kang, S. Jung and J. Song, An Improvement of the Password-Based Authentication protocol (K1P) on Security against Replay Attacks, IEICE Trans. Commun.,E82-B(7), pp. 991-997, 1999.
	14	T. Kwon and J. Song, Secure Agreement Scheme for gxy via Password Authentication, Electronics Letters,35(11), pp. 892-893, 1999.