Date Added: Jun 2012
The key exchange protocol using passwords achieved great attention due to its simplicity and efficiency. On the other hand, the protocol should resist all types of password guessing attacks, since the password is of low entropy. Recently Chang and Chang proposed a novel three party simple key exchange protocol. They claimed the protocol was secure, efficient and practical. Overriding their claims Yoon and Yoo presented an undetectable online password guessing attack on the above protocol. In the present paper an enhanced protocol has been proposed to eliminate undetectable online password guessing attack proposed by Yoon and Yoo. Moreover, the proposed enhanced protocol could achieve better performance efficiency by requiring only four message transmission rounds and the performance is analyzed on a comprehensive set of experiments.