Security design for three-party encrypted key exchange protocol using smart cards

Three-Party encrypted key exchange (3PEKE) protocol is an important cryptographic mechanism, enabling two clients to communicate with each other through a trusted server. Specifically, it is often applied to provide confidential communications between two participants over an insecure network. In 2007, Lu and Cao proposed a simple and efficient version. Unfortunately, we find that there exists a design weakness in their mechanism. We therefore design a novel mechanism using smart cards. The smart-card based scheme (SC-3PEKE) not only confirms the security essentials of general 3PEKE methods, but also outperforms related works in terms of authentication overheads with the adoption of smart cards.