Cryptanalysis of two provably secure cross-realm C2C-pake protocols

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 4329 LNCS, Issue , 2006, Pages 104-117

  Phan, Raphael C W ^a   Goi, Bok Min ^b  

^a SWINBURNE UNIVERSITY OF TECHNOLOGY   (Malaysia)

^b MULTIMEDIA UNIVERSITY   (Malaysia)

Author keywords

Client to client; Cross realm; Cryptanalysis; Password authenticated key exchange; Provable security; Security model

Indexed keywords

AUTHENTICATION; CRYPTOGRAPHY;

CLIENT-TO-CLIENT; CROSS-REALM; CRYPTANALYSIS; PASSWORD-AUTHENTICATED KEY EXCHANGE; PROVABLE SECURITY; SECURITY MODEL;

NETWORK SECURITY;

EID: 37549042706     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/11941378_9     Document Type: Conference Paper

References (29)

1. M. Abadi. Explicit Communication Revisited: Two New Attacks on Authentication Protocols. IEEE Transactions on Software Engineering, Vol. 23, No. 3, pp. 185-186, 1997.
2. M. Abdalla, P.-A. Fouque, and D. Pointcheval. Password-Based Authenticated Key Exchange in the Three-Party Setting. Proc. PKC ’05, LNCS 3386, pp. 65-84, 2005.
3. M. Abdalla and D. Pointcheval. Interactive Diffie-Hellman Assumptions with Applications to Password-Based Authentication. Proc. FC ’05, LNCS 3570, pp. 341-356, 2005.
4. M. Abdalla and D. Pointcheval. Interactive Diffie-Hellman Assumptions with Applications to Password-Based Authentication. Full version of [3], available online at http://www.di.ens.fr/∼pointche/pub.php?reference=AbPo05.
5. R. Anderson. Security Engineering − A Guide to Building Dependable Distributed Systems. Wiley, USA, 2001.
6. M. Bellare and P. Rogaway. Entity Authentication and Key Distribution. Advances in Cryptology - Crypto ’93, LNCS 773, pp. 232-249, 1993.
7. M. Bellare and P. Rogaway. Provably Secure Session Key Distribution: the Three Party Case. Proc. ACM STOC ’95, pp. 57–66, 1995.
8. M. Bellare, D. Pointcheval, and P. Rogaway. Authenticated Key Exchange Secure against Dictionary Attacks. Advances in Cryptology - Eurocrypt ’00, LNCS 1807, pp. 139-155, 2000.
9. S. Bellovin and M. Merritt. Encrypted Key Exchange: Passwords based Protocols Secure against Dictionary Attacks. Proc. IEEE Symposium on Security & Privacy ’92, pp. 72-84, 1992.
10. J.W. Byun, I.R. Jeong, D.H. Lee, and C.S. Park. Password-Authenticated Key Exchange between Clients with Different Passwords. Proc. ICICS ’02, LNCS 2513, pp. 134-146, 2002.
11. J.W. Byun and D.H. Lee. N-Party Encrypted Diffie-Hellman Key Exchange Using Different Passwords. Proc. ACNS ’05, LNCS 3531, pp. 75-90, 2005.
12. J.W. Byun, D.H. Lee, and J. Lim. Efficient and Provably Secure Client-to-Client Password-Based Key Exchange Protocol. Proc. APWeb ’06, LNCS 3841, pp. 830-836, 2006.
13. L. Chen. A Weakness of the Password-Authenticated Key Agreement between Clients with Different Passwords Scheme. Circulated for consideration at the 27th SC27/WG2 meeting in Paris, France, ISO/IEC JTC 1/SC27 N3716, 2003-10-20.24, 2003.
14. K.-K.R. Choo, C. Boyd, and Y. Hitchcock. Examining Indistinguishability-Based Proof Models for Key Establishment Protocols. Advances in Cryptology - Asiacrypt ’05, LNCS 3788, pp. 585-604, 2005.
15. K.-K.R. Choo, C. Boyd, and Y. Hitchcock. Errors in Computational Complexity Proofs for Protocols. Advances in Cryptology - Asiacrypt ’05, LNCS 3788, pp. 624-643, 2005.
16. Y. Cliff, Y.S.T. Tin, and C. Boyd. Password Based Server Aided Key Exchange. Proc. ACNS ’06, LNCS 3989, pp. 146-161, 2006.
17. W. Diffie, P.C. van Oorschot, and M.J. Wiener. Authentication and Authenticated Key Exchanges. Design, Codes and Cryptography, Vol. 2, No. 2, pp. 107-125, 1992.
18. Y. Ding and P. Horster. Undetectable On-line Password Guessing Attacks. ACM Operating Systems Review, Vol. 29, No. 4, pp. 77-86, 1995.
19. Y. Hitchcock, Y.S.T. Tin, J.M. Gonzalez Nieto, C. Boyd, and P. Montague. A Password-Based Authenticator: Security Proof and Applications. Progress in Cryptology - Indocrypt ’03, LNCS 2904, pp. 388-401, 2003.
20. B.S. Kaliski Jr. An Unknown Key-Share Attack on the MQV Key Agreement Protocol. ACM TISSEC, Vol. 4, No. 3, pp. 275-288, 2001.
21. S. Katzenbeisser. On the Integration of Watermarks and Cryptography. Proc. IWDW ’03, LNCS 2939, pp. 50-60, 2003.
22. J. Kim, S. Kim, J. Kwak, and D. Won. Cryptanalysis and Improvement of Password-Authenticated Key Exchange Scheme between Clients with Different Passwords. Proc. ICCSA ’04, LNCS 3043, pp. 895-902, 2004.
23. S. Kim, H. Lee and H. Oh. Enhanced ID-based Authenticated Key Agreement Protocols for a Multiple Independent PKG Environment. Proc. ICICS ’05, LNCS 3783, pp. 323-336, 2005.
24. R.C.-W. Phan and B.-M. Goi. Cryptanalysis of an Improved Client-to-Client Password-Authenticated Key Exchange (C2C-PAKE) Scheme. Proc. ACNS ’05, LNCS 3531, pp. 33-39, 2005.
25. R.C.-W. Phan and B.-M. Goi. Cryptanalysis of the N-Party Encrypted Diffie-Hellman Key Exchange Using Different Passwords. Proc. ACNS ’06, LNCS 3989, pp. 226-238, 2006.
26. J. Stern. Why Provable Security Matters? Advances in Cryptology - Eurocrypt ’03, LNCS 2656, pp. 449-461, 2003.
27. S. Wang, J. Wang, and M. Xu. Weaknesses of a Password-Authenticated Key Exchange Protocol between Clients with Different Passwords. Proc. ACNS ’04, LNCS 3089, pp. 414-425, 2004.
28. Y. Yin and L. Bao. Secure Cross-Realm C2C-PAKE Protocol. Proc. ACISP ’06, LNCS 4058, pp. 395-406, 2006.
29. E.-J. Yoon and K.-Y. Yoo. Cryptanalysis of Two User Identification Schemes with Key Distribution Preserving Anonymity. Proc. ICICS ’05, LNCS 3783, pp. 315-322, 2005.