In 2007, Lu and Cao proposed a simple, three-party, password-based, authenticated key exchange (S-3PEKE) protocol based on the chosen-basis computational Diffie–Hellman assumption. Although the authors claimed that their protocol was superior to similar protocols from the aspects of security and efficiency, Chung and Ku pointed out later that S-3PEKE is vulnerable to an impersonation-of-initiator attack, an impersonation-of-responder attack, and a man-in-the-middle attack. Therefore, Chung and Ku also proposed a countermeasure with a formal proof to remedy the security flaws. Unfortunately, we have determined that Chung and Ku’s protocol cannot withstand an off-line password guessing attack. In this paper, we briefly review Chung and Ku’s protocol, demonstrate its weakness, and propose an enhanced version that is provably secure in the three-party setting.
