Authentication and authenticated key exchanges
Designs, Codes and Cryptography
Entity authentication and key distribution
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Undetectable on-line password guessing attacks
ACM SIGOPS Operating Systems Review
Provably secure session key distribution: the three party case
STOC '95 Proceedings of the twenty-seventh annual ACM symposium on Theory of computing
Explicit Communication Revisited: Two New Attacks on Authentication Protocols
IEEE Transactions on Software Engineering
An unknown key-share attack on the MQV key agreement protocol
ACM Transactions on Information and System Security (TISSEC)
Security Engineering: A Guide to Building Dependable Distributed Systems
Security Engineering: A Guide to Building Dependable Distributed Systems
Password-Authenticated Key Exchange between Clients with Different Passwords
ICICS '02 Proceedings of the 4th International Conference on Information and Communications Security
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Authenticated key exchange secure against dictionary attacks
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Why provable security matters?
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Examining indistinguishability-based proof models for key establishment protocols
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Errors in computational complexity proofs for protocols
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Interactive diffie-hellman assumptions with applications to password-based authentication
FC'05 Proceedings of the 9th international conference on Financial Cryptography and Data Security
Efficient and provably secure client-to-client password-based key exchange protocol
APWeb'06 Proceedings of the 8th Asia-Pacific Web conference on Frontiers of WWW Research and Development
Password-Based authenticated key exchange in the three-party setting
PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
Cryptanalysis of an improved client-to-client password-authenticated key exchange (C2C-PAKE) scheme
ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
N-Party encrypted diffie-hellman key exchange using different passwords
ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
Cryptanalysis of two user identification schemes with key distribution preserving anonymity
ICICS'05 Proceedings of the 7th international conference on Information and Communications Security
Enhanced ID-Based authenticated key agreement protocols for a multiple independent PKG environment
ICICS'05 Proceedings of the 7th international conference on Information and Communications Security
Password based server aided key exchange
ACNS'06 Proceedings of the 4th international conference on Applied Cryptography and Network Security
Cryptanalysis of the n-party encrypted diffie-hellman key exchange using different passwords
ACNS'06 Proceedings of the 4th international conference on Applied Cryptography and Network Security
Secure cross-realm C2C-PAKE protocol
ACISP'06 Proceedings of the 11th Australasian conference on Information Security and Privacy
Cryptanalysis of simple three-party key exchange protocol (S-3PAKE)
Information Sciences: an International Journal
Electronic Notes in Theoretical Computer Science (ENTCS)
Password-Authenticated Key Exchange between Clients in a Cross-Realm Setting
NPC '08 Proceedings of the IFIP International Conference on Network and Parallel Computing
IWDW '07 Proceedings of the 6th International Workshop on Digital Watermarking
CANS '09 Proceedings of the 8th International Conference on Cryptology and Network Security
AAECC'07 Proceedings of the 17th international conference on Applied algebra, algebraic algorithms and error-correcting codes
Traceable privacy of recent provably-secure RFID protocols
ACNS'08 Proceedings of the 6th international conference on Applied cryptography and network security
Cross-realm password-based server aided key exchange
WISA'10 Proceedings of the 11th international conference on Information security applications
CANS'11 Proceedings of the 10th international conference on Cryptology and Network Security
On the analysis and design of a family tree of smart card based user authentication schemes
UIC'07 Proceedings of the 4th international conference on Ubiquitous Intelligence and Computing
Hi-index | 0.00 |
Password-Authenticated Key Exchange (PAKE) protocols allow parties to share secret keys in an authentic manner based on an easily memorizable password. Byun et al. first proposed a cross realm client-to-client (C2C) PAKE for clients of different realms (with different trusted servers) to establish a key. Subsequent work includes some attacks and a few other variants either to resist existing attacks or to improve the efficiency. However, all these variants were designed with heuristic security analysis despite that well founded provable security models already exist for PAKEs, e.g. the Bellare-Pointcheval-Rogaway model. Recently, the first provably secure cross-realm C2C-PAKE protocols were independently proposed by Byun et al. and Yin-Bao, respectively; i.e. security is proven rigorously within a formally defined security model and based on the hardness of some computationally intractable assumptions. In this paper, we show that both protocols fall to undetectable online dictionary attacks by any adversary. Further we show that malicious servers can launch successful man-in-the-middle attacks on the variant by Byun et al., while the Yin-Bao variant inherits a weakness against unknown key-share attacks. Designing provably secure protocols is indeed the right approach, but our results show that such proofs should be interpreted with care.