Tzonelih Hwang

Learn More
Password-based mechanism is the widely used method for authentication since it allows people to choose their own passwords without any assistant device to generate or store. However, people are used to choose easy-to-remember passwords such that guessing attacks could succeed. In 1992, Bellovin and Merritt proposed <i>Encrypted Key Exchange</i> (EKE)(More)
Key exchange protocol is important for sending secret messages using the session key between two parties. In order to reach the objective, the premise is to generate a session key securely. Encryption key exchange was first proposed to generate a session key with a weak authenticated password against guessing attacks. Next, another authenticated key(More)
Three-party key-exchange protocols with password authentication — clients share an easy-to-remember password with a trusted server only — are very suitable for applications requiring secure communications between many light-weight clients (end users); it is simply impractical that every two clients share a common secret. In 1995, Steiner, Tsudik and Waidner(More)
Lee and Yeh recently presented a delegation-based authentication protocol for portable communication systems (PCSs), which is claimed to provide non-repudiation in on-line authentication. This investigation indicates that their protocol has a weakness in that a malicious visited location register can forge the authentication messages in off-line(More)
Three-party EKE was proposed to establish a session key between two clients through a server. However, three-party EKE is insecure against undetectable on-line and off-line password guessing attacks. In this paper, we first propose an enhanced three-party EKE to withstand the security risk in three-party EKE. We also propose a verifier-based three-party EKE(More)