Cryptanalysis and Improvement of Password Authenticated Key Exchange Scheme between Clients with Different Passwords
In ICICS’02, Byun et al. presented a new client to client password-authenticated key exchange(C2C-PAKE) protocol in a cross-realm setting. In their paper, they argued that their C2C-PAKE protocol is secure against the Denning-Sacco attack of an insider adversary. In this paper, we show that, contrary to their arguments, the C2C-PAKE protocol is vulnerable to the Denning-Sacco attack by an insider adversary. And we also present the modified protocol to solve this problem.
KeywordsReplay Attack Dictionary Attack Perfect Forward Secrecy Malicious Server Middle Attack
Unable to display preview. Download preview PDF.
- 2.Bellovin, S., Merrit, M.: Encrypted key exchange: password based protocols secure against dictionary attacks. In: Proceedings of the Symposium on Security and Privacy, pp. 72–84 (1992)Google Scholar
- 5.Chen, L.: A Weakness of the Password-Autenticated Key Agreement between Clients with Different Passwords Scheme. In: The document was being circulated for considertaion at the 27th the SC27/WG2 meeting in Paris, France, 2003-10-20/24 (2003)Google Scholar
- 10.Wu, T.: Secure Remote Password Protocol. In: Proceedings of the Internet Society Network and Distributed System Security Symposium, pp. 97–111 (1998)Google Scholar