@inproceedings{34dff4f464fc4283a55247db64ea87c4,
title = "Password-authenticated key exchange between clients with different passwords",
abstract = "Most password-authenticated key exchange schemes in the literature provide an authenticated key exchange between a client and a server based on a pre-shared password. With a rapid change in modern communication environments, it is necessary to construct a secure end-to-end channel between clients, which is a quite different paradigm from the existing ones. In this paper we propose a new framework which provides a password-authenticated key exchange between clients based only on their two different passwords without any pre-shared secret, so called Client-to-Client Password-Authenticated Key Exchange (C2CPAKE). Security notions and types of possible attacks are newly defined according to the new framework. We prove our scheme is secure against all types of attacks considered in the paper. Two secure C2C-PAKE schemes are suggested, one in a cross-realm setting and the other in a single-server setting.",
keywords = "Cross-realm, Dictionary attack, Kerberos, Key exchange, Password authentication",
author = "Byun, {Jin Wook} and Jeong, {ik rae} and Lee, {Dong Hoon} and Park, {Chang Seop}",
year = "2002",
language = "English",
isbn = "3540001646",
volume = "2513",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "134--146",
booktitle = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
note = "4th International Conference on Information and Communications Security, ICICS 2002 ; Conference date: 09-12-2002 Through 12-12-2002",
}