Cryptanalysis of a client-to-client password-authenticated key agreement protocol

Authors

  • Fengjiao Wang
  • Yuqing Zhang
Abstract

Fengjiao Wang and Yuqing Zhang (National Computer Network Intrusion Protection Center, GSCAS, Beijing, China)

Abstract—Recently, Byun et al. proposed an efficient client-to-client password-authenticated key agreement protocol (EC2C-PAKA), which was provably secure in a formally defined security model. This letter shows that EC2C-PAKA protocol is vulnerable to password compromise impersonate attack and man-in-the-middle attack if the key between servers is compromised.

Index Terms—Cryptanalysis, EC2C-PAKA, impersonate attack, man-in-the-middle attack.


Similar resources

Cryptanalysis of Two Password-Authenticated Key Exchange Protocols

In large-scale client-client communication environments, Password-Authenticated Key Exchange (PAKE) based on trusted server is very convenient in key management. For enhancing the efficiency and preventing various attacks, Wang and Mo proposed a three-PAKE protocol, Yoon and Yoo proposed a C2C-PAKE protocol. However, in this paper, we show that the Wang-Mo protocol and the Yoon-Yoo protocol exi...


Cryptanalysis of a new protocol of wide use for email with perfect forward secrecy

This paper considers security analysis of a cross-realm client-to-client password-authenticated key exchange (C2C-PAKE) protocol with indirect communication structure that was proposed for secure email. The protocol does not need any public key infrastructure (PKI) and was designed to enable senders and recipients of emails to register at different mail servers. However, mail servers require sh...


Cryptanalysis of Yang-Li-Liao’s Simple Three-Party Key Exchange (S-3PAKE) Protocol

Three-party password authenticated key exchange (3PAKE) protocols are widely deployed on lots of remote user authentication system due to its simplicity and convenience of maintaining a human-memorable password at client side to achieve secure communication within a hostile network. Recently, an improvement of 3PAKE protocol by processing a built-in data attached to other party for identity aut...


Efficient and Provably Secure Client-to-Client Password-Based Key Exchange Protocol

We study client-to-client password-authenticated key exchange (C2C-PAKE) enabling two clients in different realms to agree on a common session key using different passwords. Byun et al. first presented C2C-PAKE schemes under the cross-realm setting. However, the schemes were not formally treated, and subsequently found to be flawed. In addition, in the schemes, there are still rooms for improve...


EC2C-PAKA: An efficient client-to-client password-authenticated key agreement

Most password-authenticated key agreement schemes described in the literature have focused on authenticated key agreement using a shared password between a client and a server. With rapid changes in the modern communication environment such as ad-hoc networks and ubiquitous computing, it is necessary to construct a secure end-to-end channel between clients. This paradigm is a quite different pa...



Journal title:
  • IACR Cryptology ePrint Archive

Volume 2008  Issue 

Pages  -

Publication date 2008