Cryptanalysis of a client-to-client password-authenticated key agreement protocol
نویسندگان
چکیده
Fengjiao Wang and Yuqing Zhang (National Computer Network Intrusion Protection Center, GSCAS, Beijing, China) Abstract—Recently, Byun et al. proposed an efficient client-to-client password-authenticated key agreement protocol (EC2C-PAKA), which was provably secure in a formally defined security model. This letter shows that EC2C-PAKA protocol is vulnerable to password compromise impersonate attack and man-in-the-middle attack if the key between servers is compromised. Index Terms — Cryptanalysis, EC2C-PAKA, impersonate attack, man-in-the-middle attack.
منابع مشابه
Cryptanalysis of Two Password-Authenticated Key Exchange Protocols
In large-scale client-client communication environments, Password-Authenticated Key Exchange (PAKE) based on trusted server is very convenient in key management. For enhancing the efficiency and preventing various attacks, Wang and Mo proposed a three-PAKE protocol, Yoon and Yoo proposed a C2C-PAKE protocol. However, in this paper, we show that the Wang-Mo protocol and the Yoon-Yoo protocol exi...
متن کاملCryptanalysis of a new protocol of wide use for email with perfect forward secrecy
This paper considers security analysis of a cross-realm client-to-client password-authenticated key exchange (C2C-PAKE) protocol with indirect communication structure that was proposed for secure email. The protocol does not need any public key infrastructure (PKI) and was designed to enable senders and recipients of emails to register at different mail servers. However, mail servers require sh...
متن کاملCryptanalysis of Yang-Li-Liao’s Simple Three-Party Key Exchange (S-3PAKE) Protocol
Three-party password authenticated key exchange (3PAKE) protocols are widely deployed on lots of remote user authentication system due to its simplicity and convenience of maintaining a human-memorable password at client side to achieve secure communication within a hostile network. Recently, an improvement of 3PAKE protocol by processing a built-in data attached to other party for identity aut...
متن کاملEfficient and Provably Secure Client-to-Client Password-Based Key Exchange Protocol
We study client-to-client password-authenticated key exchange (C2C-PAKE) enabling two clients in different realms to agree on a common session key using different passwords. Byun et al. first presented C2C-PAKE schemes under the cross-realm setting. However, the schemes were not formally treated, and subsequently found to be flawed. In addition, in the schemes, there are still rooms for improve...
متن کاملEC2C-PAKA: An efficient client-to-client password-authenticated key agreement
Most password-authenticated key agreement schemes described in the literature have focused on authenticated key agreement using a shared password between a client and a server. With rapid changes in the modern communication environment such as ad-hoc networks and ubiquitous computing, it is necessary to construct a secure end-to-end channel between clients. This paradigm is a quite different pa...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2008 شماره
صفحات -
تاریخ انتشار 2008