Password-Authenticated Key Exchange between Clients with Different Passwords
ICICS '02 Proceedings of the 4th International Conference on Information and Communications Security
Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Foundations of Cryptography: Volume 2, Basic Applications
Foundations of Cryptography: Volume 2, Basic Applications
EC2C-PAKA: An efficient client-to-client password-authenticated key agreement
Information Sciences: an International Journal
Authenticated key exchange secure against dictionary attacks
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Provably secure password-authenticated key exchange using Diffie-Hellman
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Efficient and provably secure client-to-client password-based key exchange protocol
APWeb'06 Proceedings of the 8th Asia-Pacific Web conference on Frontiers of WWW Research and Development
A secure password-authenticated key exchange between clients with different passwords
APWeb'06 Proceedings of the 2006 international conference on Advanced Web and Network Technologies, and Applications
Password-Based authenticated key exchange in the three-party setting
PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
Cryptanalysis of an improved client-to-client password-authenticated key exchange (C2C-PAKE) scheme
ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
Secure cross-realm C2C-PAKE protocol
ACISP'06 Proceedings of the 11th Australasian conference on Information Security and Privacy
CANS '09 Proceedings of the 8th International Conference on Cryptology and Network Security
Cross-realm password-based server aided key exchange
WISA'10 Proceedings of the 11th international conference on Information security applications
CANS'11 Proceedings of the 10th international conference on Cryptology and Network Security
Hi-index | 0.00 |
Client-to-client password-authenticated key agreement (C2C-PAKA) protocol deals with the authenticated key agreement process between two clients of different realms, who only share their passwords with their own servers. Recently, Byun et al. [13] proposed an efficient C2C-PAKA protocol and carried a claimed proof of security in a formal model of communication and adversarial capabilities. In this paper, we show that the protocol is insecure against password-compromise impersonation attack and the claim of provable security is seriously incorrect. To draw lessons from these results, we revealed fatal flaws in Byun et al.'s security model and their proof of security. Then, we modify formal security model and corresponding security definitions. In addition, a new cross-realm C2C-PAKA protocol is presented with security proof.