Cryptanalysis and improvement of password authenticated key exchange scheme between clients with different passwords

Jeeyeon Kim, Seung-Joo Kim, Jin Kwak, Dongho Won

Research output: Contribution to journalArticle

39 Citations (Scopus)

Abstract

In ICICS'02, Byun et al. presented a new client to client password-authenticated key exchange(C2C-PAKE) protocol in a crossrealm setting. In their paper, they argued that their C2C-PAKE protocol is secure against the Denning-Sacco attack of an insider adversary. In this paper, we show that, contrary to their arguments, the C2C-PAKE protocol is vulnerable to the Denning-Sacco attack by an insider adversary. And we also present the modified protocol to solve this problem.

Original languageEnglish
Pages (from-to)895-902
Number of pages8
JournalLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume3043
Publication statusPublished - 2004 Dec 1
Externally publishedYes

Fingerprint

Authenticated Key Exchange
Password
Cryptanalysis
Attack

ASJC Scopus subject areas

  • Computer Science(all)
  • Biochemistry, Genetics and Molecular Biology(all)
  • Theoretical Computer Science

Cite this

@article{3676575458144a99a2f73ebfca6bb50b,
title = "Cryptanalysis and improvement of password authenticated key exchange scheme between clients with different passwords",
abstract = "In ICICS'02, Byun et al. presented a new client to client password-authenticated key exchange(C2C-PAKE) protocol in a crossrealm setting. In their paper, they argued that their C2C-PAKE protocol is secure against the Denning-Sacco attack of an insider adversary. In this paper, we show that, contrary to their arguments, the C2C-PAKE protocol is vulnerable to the Denning-Sacco attack by an insider adversary. And we also present the modified protocol to solve this problem.",
author = "Jeeyeon Kim and Seung-Joo Kim and Jin Kwak and Dongho Won",
year = "2004",
month = "12",
day = "1",
language = "English",
volume = "3043",
pages = "895--902",
journal = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
issn = "0302-9743",
publisher = "Springer Verlag",

}

TY - JOUR

T1 - Cryptanalysis and improvement of password authenticated key exchange scheme between clients with different passwords

AU - Kim, Jeeyeon

AU - Kim, Seung-Joo

AU - Kwak, Jin

AU - Won, Dongho

PY - 2004/12/1

Y1 - 2004/12/1

N2 - In ICICS'02, Byun et al. presented a new client to client password-authenticated key exchange(C2C-PAKE) protocol in a crossrealm setting. In their paper, they argued that their C2C-PAKE protocol is secure against the Denning-Sacco attack of an insider adversary. In this paper, we show that, contrary to their arguments, the C2C-PAKE protocol is vulnerable to the Denning-Sacco attack by an insider adversary. And we also present the modified protocol to solve this problem.

AB - In ICICS'02, Byun et al. presented a new client to client password-authenticated key exchange(C2C-PAKE) protocol in a crossrealm setting. In their paper, they argued that their C2C-PAKE protocol is secure against the Denning-Sacco attack of an insider adversary. In this paper, we show that, contrary to their arguments, the C2C-PAKE protocol is vulnerable to the Denning-Sacco attack by an insider adversary. And we also present the modified protocol to solve this problem.

UR - http://www.scopus.com/inward/record.url?scp=35048854202&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=35048854202&partnerID=8YFLogxK

M3 - Article

AN - SCOPUS:35048854202

VL - 3043

SP - 895

EP - 902

JO - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

JF - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SN - 0302-9743

ER -