Authentication and authenticated key exchanges
Designs, Codes and Cryptography
Refinement and extension of encrypted key exchange
ACM SIGOPS Operating Systems Review
Undetectable on-line password guessing attacks
ACM SIGOPS Operating Systems Review
Provably secure session key distribution: the three party case
STOC '95 Proceedings of the twenty-seventh annual ACM symposium on Theory of computing
Strong password-only authenticated key exchange
ACM SIGCOMM Computer Communication Review
Fair exchange with a semi-trusted third party (extended abstract)
Proceedings of the 4th ACM conference on Computer and communications security
An unknown key-share attack on the MQV key agreement protocol
ACM Transactions on Information and System Security (TISSEC)
Three-party encrypted key exchange: attacks and a solution
ACM SIGOPS Operating Systems Review
Finite-state analysis of two contract signing protocols
Theoretical Computer Science
Efficient Identity-Based Conference Key Distribution Protocols
ACISP '98 Proceedings of the Third Australasian Conference on Information Security and Privacy
Group Diffie-Hellman Key Exchange Secure against Dictionary Attacks
ASIACRYPT '02 Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Modeling insider attacks on group key-exchange protocols
Proceedings of the 12th ACM conference on Computer and communications security
Authenticated key exchange secure against dictionary attacks
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Password-Based authenticated key exchange in the three-party setting
PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
N-Party encrypted diffie-hellman key exchange using different passwords
ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
Cryptanalysis of simple three-party key exchange protocol (S-3PAKE)
Information Sciences: an International Journal
Provably Secure N-Party Authenticated Key Exchange in the Multicast DPWA Setting
Information Security and Cryptology
IWDW '07 Proceedings of the 6th International Workshop on Digital Watermarking
Traceable privacy of recent provably-secure RFID protocols
ACNS'08 Proceedings of the 6th international conference on Applied cryptography and network security
Inscrypt'09 Proceedings of the 5th international conference on Information security and cryptology
Cryptanalysis of two provably secure cross-realm C2C-PAKE protocols
INDOCRYPT'06 Proceedings of the 7th international conference on Cryptology in India
CANS'11 Proceedings of the 10th international conference on Cryptology and Network Security
On the analysis and design of a family tree of smart card based user authentication schemes
UIC'07 Proceedings of the 4th international conference on Ubiquitous Intelligence and Computing
Hi-index | 0.00 |
We consider the security of the n-party EKE-U and EKE-M protocols proposed by Byun and Lee at ACNS '05. We show that EKE-U is vulnerable to an impersonation attack, offline dictionary attack and undetectable online dictionary attack. Surprisingly, even the strengthened variant recently proposed by the same designers to counter an insider offline dictionary attack by Tang and Chen, is equally vulnerable. We also show that both the original and strengthened EKE-M variants do not provide key privacy, a criterion desired by truly contributory key exchange schemes and recently formalized by Abdalla et al. We discuss ways to protect EKE-U against our attacks and argue that the strengthened EKE-U scheme shows the most potential as a provably secure n-party PAKE.