Skip to main content
SpringerLink
Log in
Book cover

International Conference on Computational Science and Its Applications

ICCSA 2004: Computational Science and Its Applications – ICCSA 2004 pp 895–902Cite as

Cryptanalysis and Improvement of Password Authenticated Key Exchange Scheme between Clients with Different Passwords

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 3043))

Abstract

In ICICS’02, Byun et al. presented a new client to client password-authenticated key exchange(C2C-PAKE) protocol in a cross-realm setting. In their paper, they argued that their C2C-PAKE protocol is secure against the Denning-Sacco attack of an insider adversary. In this paper, we show that, contrary to their arguments, the C2C-PAKE protocol is vulnerable to the Denning-Sacco attack by an insider adversary. And we also present the modified protocol to solve this problem.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   74.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  2. Bellovin, S., Merrit, M.: Encrypted key exchange: password based protocols secure against dictionary attacks. In: Proceedings of the Symposium on Security and Privacy, pp. 72–84 (1992)

    Google Scholar 

  3. Boyko, V., MacKenzie, P., Patel, S.: Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 156–171. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  4. Byun, J.W., Jeong, I.R., Lee, D.H., Park, C.S.: Password-Authenticated Key Exchange between Clients with Different Passwords. In: Deng, R.H., Qing, S., Bao, F., Zhou, J. (eds.) ICICS 2002. LNCS, vol. 2513, pp. 134–146. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  5. Chen, L.: A Weakness of the Password-Autenticated Key Agreement between Clients with Different Passwords Scheme. In: The document was being circulated for considertaion at the 27th the SC27/WG2 meeting in Paris, France, 2003-10-20/24 (2003)

    Google Scholar 

  6. Denning, D., Sacco, G.: Timestamps in key distribution protocols. Communications of the ACM 24(8), 533–536 (1981)

    Article  Google Scholar 

  7. Goldreich, O., Lindell, Y.: Session-Key Generation Using Human Passwords Only. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 408–432. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  8. Katz, J., Ostrovsky, R., Yung, M.: Efficient Password-Authenticated key exchange Using Human-Memorable Passwords. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 475–494. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  9. Steiner, M., Tsudik, G., Waider, M.: Refinement and extension of encrypted key exchange. ACM Operation Sys. Review 29(3), 22–30 (1995)

    Article  Google Scholar 

  10. Wu, T.: Secure Remote Password Protocol. In: Proceedings of the Internet Society Network and Distributed System Security Symposium, pp. 97–111 (1998)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. KISA (Korea Information Security Agency), 78, Garag-Dong, Songpa-Gu, Seoul, 138-803, Korea

    Jeeyeon Kim

  2. Sungkyunkwan University, 300 Chunchun-Dong, Suwon, Kyunggi-Do, 440-746, Korea

    Seungjoo Kim, Jin Kwak & Dongho Won

Authors
  1. Jeeyeon Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Seungjoo Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jin Kwak
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Dongho Won
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Chemistry, University of Perugia, Via Elce di Sotto, 8, I-06123, Perugia, Italy

    Antonio Laganá

  2. Department of Computer Science, University of Calgary, 2500 University Drive N.W., T2N 1N4, Calgary, AB, Canada

    Marina L. Gavrilova

  3. William Norris Professor, Head of the Computer Science and Engineering Department, University of Minnesota, USA

    Vipin Kumar

  4. School of Computing, Soongsil University, Seoul, Korea

    Youngsong Mun

  5. OptimaNumerics Ltd., Cathedral House, 23-31 Waring Street, BT1 2DX, Belfast, UK

    C. J. Kenneth Tan

  6. Department of Mathematics and Computer Science, University of Perugia, via Vanvitelli, 1, I-06123, Perugia, Italy

    Osvaldo Gervasi

Rights and permissions

Reprints and permissions

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kim, J., Kim, S., Kwak, J., Won, D. (2004). Cryptanalysis and Improvement of Password Authenticated Key Exchange Scheme between Clients with Different Passwords. In: Laganá, A., Gavrilova, M.L., Kumar, V., Mun, Y., Tan, C.J.K., Gervasi, O. (eds) Computational Science and Its Applications – ICCSA 2004. ICCSA 2004. Lecture Notes in Computer Science, vol 3043. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24707-4_102

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-24707-4_102

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-22054-1

  • Online ISBN: 978-3-540-24707-4

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation