Security Analysis of Two Password-Authenticated Multi-Key Exchange Protocols.

Mobile communications (e.g., emails, Snapchat and Facebook) over a wireless connection is a norm in our Internet-connected society. Ensuring the security of communications between devices is an ongoing challenge. A number of authenticated key exchange (AKE) protocols have been proposed to verify the authenticity of a user and the integrity of messages sent over an insecure wireless communication channel. Recently, Tsai et al. proposed two AKE protocols designed for wireless network systems. In this paper, we demonstrate that their protocols are vulnerable to off-line password guessing attacks through presenting concrete attacks, contrary to their claims.