IMPROVING THE LEE-LEE'S PASSWORD BASED AUTHENTICATED KEY AGREEMENT PROTOCOL

Password based authenticated key agreement protocols have been the most widely used methods for user authentication, since it allows people to choose and remember their own passwords without any assistant device. Password based authenticated key agreement protocols, however, are vulnerable to password guessing attacks since users usually choose easy-to-remember passwords. Recently, Lee and Lee pointed out that N. Y. Lee et al.'s password based authenticated key agreement protocol is vulnerable to a man-in-the-middle attack, and then proposed an improvement to overcome the attack. The current paper, however, demonstrates that Lee-Lee's password based authenticated key agreement protocol is still vulnerable to off-line password guessing attacks, and then proposes an improvement of the protocol in order to overcome such security attacks. Compared with Lee-Lee's protocol, the proposed protocol is very useful in password-based Internet and wire/wireless communication environments to access remote information systems since it provides security, reliability and efficiency.