论文信息 - Cryptanalysis of Some Client-to-Client Password-Authenticated Key Exchange Protocols

Cryptanalysis of Some Client-to-Client Password-Authenticated Key Exchange Protocols

Client-to-Client Password-Authenticated Key Exchange (C2C-PAKE) protocols allow two clients establish a common session key based on their passwords. In a secure C2C-PAKE protocol, there is no computationally bounded adversary learns anything about session keys shared between two clients. Especially a participating server should not learn anything about session keys. Server- compromise impersonation resilience is another desirable security property for a C2C-PAKE protocol. It means that compromising the password verifier of any client A should not enable outside adversary to share session key with A. Recently, Kwon and Lee proposed four C2C-PAKE protocols in the three-party setting, and Zhu et al. proposed a C2C-PAKE protocol in the cross-realm setting. All the proposed protocols are claimed to resist server compromise. However, in this paper, we show that Kwon and Lee’s protocols and Zhu et al’s protocol exist server compromise attacks, and a malicious server can mount man-in-themiddle attacks and can eavesdrop the communication between the two clients.

Bo Zhang | Tianjie Cao | Tao Quan

[1] Steven M. Bellovin,et al. Encrypted key exchange: password-based protocols secure against dictionary attacks , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[2] Dongho Won,et al. Cryptanalysis and Improvement of Password Authenticated Key Exchange Scheme between Clients with Different Passwords , 2004, ICCSA.

[3] Gene Tsudik,et al. Refinement and extension of encrypted key exchange , 1995, OPSR.

[4] Eun-Jun Yoon,et al. A Secure Password-Authenticated Key Exchange Between Clients with Different Passwords , 2006, APWeb Workshops.

[5] Dong Hoon Lee,et al. Three-Party Password Authenticated Key Agreement Resistant to Server Compromise , 2006, WISA.

[6] Chang Guiran,et al. An Efficient Client-to-Client Password-Authenticated Key Exchange Resilient to Server Compromise , 2007, 13th Pacific Rim International Symposium on Dependable Computing (PRDC 2007).

[7] Dong Hoon Lee,et al. Password-Authenticated Key Exchange between Clients with Different Passwords , 2002, ICICS.

[8] Jerome H. Saltzer,et al. Protecting Poorly Chosen Secrets from Guessing Attacks , 1993, IEEE J. Sel. Areas Commun..

[9] Yongping Zhang,et al. Cryptanalysis of Two Password-Authenticated Key Exchange Protocols between Clients with Different Passwords , 2007 .