Cryptanalysis of two provably secure cross-realm C2C-PAKE protocols

Authors:
Raphael C.-W. Phan;Bok-Min Goi
Affiliations:
Information Security Research (iSECURES) Lab, Swinburne University of Technology (Sarawak Campus), Kuching, Malaysia;Centre for Cryptography & Information Security (CCIS), Faculty of Engineering, Multimedia University, Cyberjaya, Malaysia
Venue:
INDOCRYPT'06 Proceedings of the 7th international conference on Cryptology in India
Year:
2006

Citing 23
Cited 11

Authentication and authenticated key exchanges

Designs, Codes and Cryptography
Entity authentication and key distribution

CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Undetectable on-line password guessing attacks

ACM SIGOPS Operating Systems Review
Provably secure session key distribution: the three party case

STOC '95 Proceedings of the twenty-seventh annual ACM symposium on Theory of computing
Explicit Communication Revisited: Two New Attacks on Authentication Protocols

IEEE Transactions on Software Engineering
An unknown key-share attack on the MQV key agreement protocol

ACM Transactions on Information and System Security (TISSEC)
Security Engineering: A Guide to Building Dependable Distributed Systems

Security Engineering: A Guide to Building Dependable Distributed Systems
Password-Authenticated Key Exchange between Clients with Different Passwords

ICICS '02 Proceedings of the 4th International Conference on Information and Communications Security
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks

SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Authenticated key exchange secure against dictionary attacks

EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Why provable security matters?

EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Examining indistinguishability-based proof models for key establishment protocols

ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Errors in computational complexity proofs for protocols

ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Interactive diffie-hellman assumptions with applications to password-based authentication

FC'05 Proceedings of the 9th international conference on Financial Cryptography and Data Security
Efficient and provably secure client-to-client password-based key exchange protocol

APWeb'06 Proceedings of the 8th Asia-Pacific Web conference on Frontiers of WWW Research and Development
Password-Based authenticated key exchange in the three-party setting

PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
Cryptanalysis of an improved client-to-client password-authenticated key exchange (C2C-PAKE) scheme

ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
N-Party encrypted diffie-hellman key exchange using different passwords

ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
Cryptanalysis of two user identification schemes with key distribution preserving anonymity

ICICS'05 Proceedings of the 7th international conference on Information and Communications Security
Enhanced ID-Based authenticated key agreement protocols for a multiple independent PKG environment

ICICS'05 Proceedings of the 7th international conference on Information and Communications Security
Password based server aided key exchange

ACNS'06 Proceedings of the 4th international conference on Applied Cryptography and Network Security
Cryptanalysis of the n-party encrypted diffie-hellman key exchange using different passwords

ACNS'06 Proceedings of the 4th international conference on Applied Cryptography and Network Security
Secure cross-realm C2C-PAKE protocol

ACISP'06 Proceedings of the 11th Australasian conference on Information Security and Privacy

Cryptanalysis of simple three-party key exchange protocol (S-3PAKE)

Information Sciences: an International Journal
fficient and Provably Secure Generic Construction of Client-to-Client Password-Based Key Exchange Protocol

Electronic Notes in Theoretical Computer Science (ENTCS)
An Integrative Framework to Protocol Analysis and Repair: Bellare-Rogaway Model + Planning + Model Checker

Informatica
Password-Authenticated Key Exchange between Clients in a Cross-Realm Setting

NPC '08 Proceedings of the IFIP International Conference on Network and Parallel Computing
(In)Security of an Efficient Fingerprinting Scheme with Symmetric and Commutative Encryption of IWDW 2005

IWDW '07 Proceedings of the 6th International Workshop on Digital Watermarking
An Efficient and Provably Secure Cross-Realm Client-to-Client Password-Authenticated Key Agreement Protocol with Smart Cards

CANS '09 Proceedings of the 8th International Conference on Cryptology and Network Security
Secure cross-realm client-to-client password-based authenticated key exchange against undetectable on-line dictionary attacks

AAECC'07 Proceedings of the 17th international conference on Applied algebra, algebraic algorithms and error-correcting codes
Traceable privacy of recent provably-secure RFID protocols

ACNS'08 Proceedings of the 6th international conference on Applied cryptography and network security
Cross-realm password-based server aided key exchange

WISA'10 Proceedings of the 11th international conference on Information security applications
Cryptanalysis of a provably secure cross-realm client-to-client password-authenticated key agreement protocol of CANS '09

CANS'11 Proceedings of the 10th international conference on Cryptology and Network Security
On the analysis and design of a family tree of smart card based user authentication schemes

UIC'07 Proceedings of the 4th international conference on Ubiquitous Intelligence and Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

Password-Authenticated Key Exchange (PAKE) protocols allow parties to share secret keys in an authentic manner based on an easily memorizable password. Byun et al. first proposed a cross realm client-to-client (C2C) PAKE for clients of different realms (with different trusted servers) to establish a key. Subsequent work includes some attacks and a few other variants either to resist existing attacks or to improve the efficiency. However, all these variants were designed with heuristic security analysis despite that well founded provable security models already exist for PAKEs, e.g. the Bellare-Pointcheval-Rogaway model. Recently, the first provably secure cross-realm C2C-PAKE protocols were independently proposed by Byun et al. and Yin-Bao, respectively; i.e. security is proven rigorously within a formally defined security model and based on the hardness of some computationally intractable assumptions. In this paper, we show that both protocols fall to undetectable online dictionary attacks by any adversary. Further we show that malicious servers can launch successful man-in-the-middle attacks on the variant by Byun et al., while the Yin-Bao variant inherits a weakness against unknown key-share attacks. Designing provably secure protocols is indeed the right approach, but our results show that such proofs should be interpreted with care.