Cryptanalysis of some improved password-authenticated key exchange schemes

Authors:
Raphael C. -W. Phan;Bok-Min Goi;Kah-Hoong Wong
Affiliations:
Information Security Research (iSECURES) Lab, Swinburne University of Technology (Sarawak Campus), 93576 Kuching, Malaysia;Faculty of Engineering, Multimedia University, 63100 Cyberjaya, Malaysia;Faculty of Engineering, Multimedia University, 63100 Cyberjaya, Malaysia
Venue:
Computer Communications
Year:
2006

Citing 9
Cited 0

Three-party encrypted key exchange: attacks and a solution

ACM SIGOPS Operating Systems Review
Handbook of Applied Cryptography

Handbook of Applied Cryptography
More Efficient Password-Authenticated Key Exchange

CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
Group Diffie-Hellman Key Exchange Secure against Dictionary Attacks

ASIACRYPT '02 Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Protocols for Key Establishment and Authentication

Protocols for Key Establishment and Authentication
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks

SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Number theoretic attacks on secure password schemes

SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Authenticated key exchange secure against dictionary attacks

EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Provably secure password-authenticated key exchange using Diffie-Hellman

EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques

Quantified Score

Hi-index	0.24

Visualization

Abstract

Password-authenticated key exchange (PAKE) protocols allow two parties to share common secret keys in an authentic manner based on a memorizable password. In 1999, a PAKE protocol called simple authenticated key agreement (SAKA) was presented, and since then until 2004, several improved variants were presented to resist known attacks. In this paper, we present attacks on variants proposed by Kim et al. and Ku-Wang that directly cause them to fail in achieving a mutually authenticated secret key between legitimate parties. These results are devastating since achieving this is the basic security criterion that any key exchange should provide. We also show dictionary attacks on the original SAKA and all its variants. These dictionary attacks invalidate the basic security goals of these protocols since a PAKE scheme must be secure against dictionary attacks due to the low entropy of human-memorizable passwords being used.