In ICICS'02, Byun et al. presented a new client to client password-authenticated key exchange(C2C-PAKE) protocol in a crossrealm setting. In their paper, they argued that their C2C-PAKE protocol is secure against the Denning-Sacco attack of an insider adversary. In this paper, we show that, contrary to their arguments, the C2C-PAKE protocol is vulnerable to the Denning-Sacco attack by an insider adversary. And we also present the modified protocol to solve this problem.
|Number of pages||8|
|Journal||Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)|
|Publication status||Published - 2004|
ASJC Scopus subject areas
- Theoretical Computer Science
- Computer Science(all)