Cryptanalysis of a Provably Secure Cross-Realm Client-to-Client Password-Authenticated Key Agreement Protocol of CANS '09

In this paper, we cryptanalyze the recent smart card based client-to-client password-authenticated key agreement (C2C-PAKA-SC) protocol for cross-realm settings proposed at CANS '09. While client-to-client password-authenticated key exchange (C2C-PAKE) protocols exist in the literature, what is interesting about this one is that it is the only such protocol claimed to offer security against password compromise impersonation without depending on public-key cryptography, and it is one of the few C2C-PAKE protocols with provable security that has not been cryptanalyzed. We present three impersonation attacks on this protocol; the first two are easier to mount than the designer-considered password compromise impersonation. Our results are the first known cryptanalysis results on C2C-PAKA-SC.
