论文信息 - Cryptanalysis of an Improved Client-to-Client Password-Authenticated Key Exchange (C2C-PAKE) Scheme

Cryptanalysis of an Improved Client-to-Client Password-Authenticated Key Exchange (C2C-PAKE) Scheme

Password-Authenticated Key Establishment (PAKE) protocols allow two parties, to share common secret keys in an authentic manner based on an easily memorizable password. At ICCSA 2004, an improved PAKE protocol between two clients of different realms was proposed that was claimed to be secure against attacks including the replay attack. In this paper, we cryptanalyze this protocol by showing two replay attacks that allow an attacker to falsely share a secret key with a legal client.

Raphael C.-W. Phan | Bok-Min Goi | R. Phan | B. Goi

[1] Antonio Laganà,et al. Computational Science and Its Applications – ICCSA 2004 , 2004, Lecture Notes in Computer Science.

[2] Feng Bao,et al. Security Analysis of a Password Authenticated Key Exchange Protocol , 2003, ISC.

[3] Tatsuaki Okamoto,et al. Advances in Cryptology — ASIACRYPT 2000 , 2000, Lecture Notes in Computer Science.

[4] Hung-Min Sun,et al. Three-party encrypted key exchange without server public-keys , 2001, IEEE Communications Letters.

[5] Sarvar Patel,et al. Number theoretic attacks on secure password schemes , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[6] Jie Wang,et al. Weaknesses of a Password-Authenticated Key Exchange Protocol between Clients with Different Passwords , 2004, ACNS.

[7] Dongho Won,et al. Cryptanalysis and Improvement of Password Authenticated Key Exchange Scheme between Clients with Different Passwords , 2004, ICCSA.

[8] Hung-Min Sun,et al. Three-party encrypted key exchange: attacks and a solution , 2000, OPSR.

[9] Dong Hoon Lee,et al. Password-Authenticated Key Exchange between Clients with Different Passwords , 2002, ICICS.