A New Client-to-Client Password-Authenticated Key Agreement Protocol

Authors:
Deng-Guo Feng;Jing Xu
Affiliations:
State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing, P.R.China;State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing, P.R.China
Venue:
IWCC '09 Proceedings of the 2nd International Workshop on Coding and Cryptology
Year:
2009

Citing 12
Cited 3

Password-Authenticated Key Exchange between Clients with Different Passwords

ICICS '02 Proceedings of the 4th International Conference on Information and Communications Security
Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords

EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks

SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Foundations of Cryptography: Volume 2, Basic Applications

Foundations of Cryptography: Volume 2, Basic Applications
EC2C-PAKA: An efficient client-to-client password-authenticated key agreement

Information Sciences: an International Journal
Authenticated key exchange secure against dictionary attacks

EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Provably secure password-authenticated key exchange using Diffie-Hellman

EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Efficient and provably secure client-to-client password-based key exchange protocol

APWeb'06 Proceedings of the 8th Asia-Pacific Web conference on Frontiers of WWW Research and Development
A secure password-authenticated key exchange between clients with different passwords

APWeb'06 Proceedings of the 2006 international conference on Advanced Web and Network Technologies, and Applications
Password-Based authenticated key exchange in the three-party setting

PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
Cryptanalysis of an improved client-to-client password-authenticated key exchange (C2C-PAKE) scheme

ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
Secure cross-realm C2C-PAKE protocol

ACISP'06 Proceedings of the 11th Australasian conference on Information Security and Privacy

An Efficient and Provably Secure Cross-Realm Client-to-Client Password-Authenticated Key Agreement Protocol with Smart Cards

CANS '09 Proceedings of the 8th International Conference on Cryptology and Network Security
Cross-realm password-based server aided key exchange

WISA'10 Proceedings of the 11th international conference on Information security applications
Cryptanalysis of a provably secure cross-realm client-to-client password-authenticated key agreement protocol of CANS '09

CANS'11 Proceedings of the 10th international conference on Cryptology and Network Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Client-to-client password-authenticated key agreement (C2C-PAKA) protocol deals with the authenticated key agreement process between two clients of different realms, who only share their passwords with their own servers. Recently, Byun et al. [13] proposed an efficient C2C-PAKA protocol and carried a claimed proof of security in a formal model of communication and adversarial capabilities. In this paper, we show that the protocol is insecure against password-compromise impersonation attack and the claim of provable security is seriously incorrect. To draw lessons from these results, we revealed fatal flaws in Byun et al.'s security model and their proof of security. Then, we modify formal security model and corresponding security definitions. In addition, a new cross-realm C2C-PAKA protocol is presented with security proof.