Abstract
In ICICS’02, Byun et al. presented a new client to client password-authenticated key exchange(C2C-PAKE) protocol in a cross-realm setting. In their paper, they argued that their C2C-PAKE protocol is secure against the Denning-Sacco attack of an insider adversary. In this paper, we show that, contrary to their arguments, the C2C-PAKE protocol is vulnerable to the Denning-Sacco attack by an insider adversary. And we also present the modified protocol to solve this problem.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)
Bellovin, S., Merrit, M.: Encrypted key exchange: password based protocols secure against dictionary attacks. In: Proceedings of the Symposium on Security and Privacy, pp. 72–84 (1992)
Boyko, V., MacKenzie, P., Patel, S.: Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 156–171. Springer, Heidelberg (2000)
Byun, J.W., Jeong, I.R., Lee, D.H., Park, C.S.: Password-Authenticated Key Exchange between Clients with Different Passwords. In: Deng, R.H., Qing, S., Bao, F., Zhou, J. (eds.) ICICS 2002. LNCS, vol. 2513, pp. 134–146. Springer, Heidelberg (2002)
Chen, L.: A Weakness of the Password-Autenticated Key Agreement between Clients with Different Passwords Scheme. In: The document was being circulated for considertaion at the 27th the SC27/WG2 meeting in Paris, France, 2003-10-20/24 (2003)
Denning, D., Sacco, G.: Timestamps in key distribution protocols. Communications of the ACM 24(8), 533–536 (1981)
Goldreich, O., Lindell, Y.: Session-Key Generation Using Human Passwords Only. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 408–432. Springer, Heidelberg (2001)
Katz, J., Ostrovsky, R., Yung, M.: Efficient Password-Authenticated key exchange Using Human-Memorable Passwords. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 475–494. Springer, Heidelberg (2001)
Steiner, M., Tsudik, G., Waider, M.: Refinement and extension of encrypted key exchange. ACM Operation Sys. Review 29(3), 22–30 (1995)
Wu, T.: Secure Remote Password Protocol. In: Proceedings of the Internet Society Network and Distributed System Security Symposium, pp. 97–111 (1998)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kim, J., Kim, S., Kwak, J., Won, D. (2004). Cryptanalysis and Improvement of Password Authenticated Key Exchange Scheme between Clients with Different Passwords. In: Laganá, A., Gavrilova, M.L., Kumar, V., Mun, Y., Tan, C.J.K., Gervasi, O. (eds) Computational Science and Its Applications – ICCSA 2004. ICCSA 2004. Lecture Notes in Computer Science, vol 3043. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24707-4_102
Download citation
DOI: https://doi.org/10.1007/978-3-540-24707-4_102
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22054-1
Online ISBN: 978-3-540-24707-4
eBook Packages: Springer Book Archive