Authentication and authenticated key exchanges
Designs, Codes and Cryptography
Entity authentication and key distribution
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Undetectable on-line password guessing attacks
ACM SIGOPS Operating Systems Review
Provably secure session key distribution: the three party case
STOC '95 Proceedings of the twenty-seventh annual ACM symposium on Theory of computing
Explicit Communication Revisited: Two New Attacks on Authentication Protocols
IEEE Transactions on Software Engineering
Using encryption for authentication in large networks of computers
Communications of the ACM
An unknown key-share attack on the MQV key agreement protocol
ACM Transactions on Information and System Security (TISSEC)
Password-Authenticated Key Exchange between Clients with Different Passwords
ICICS '02 Proceedings of the 4th International Conference on Information and Communications Security
Efficient Kerberized Multicast in a Practical Distributed Setting
ISC '01 Proceedings of the 4th International Conference on Information Security
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
EC2C-PAKA: An efficient client-to-client password-authenticated key agreement
Information Sciences: an International Journal
A New Client-to-Client Password-Authenticated Key Agreement Protocol
IWCC '09 Proceedings of the 2nd International Workshop on Coding and Cryptology
CANS '09 Proceedings of the 8th International Conference on Cryptology and Network Security
Authenticated key exchange secure against dictionary attacks
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Why provable security matters?
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Cryptanalysis of two provably secure cross-realm C2C-PAKE protocols
INDOCRYPT'06 Proceedings of the 7th international conference on Cryptology in India
Examining indistinguishability-based proof models for key establishment protocols
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Errors in computational complexity proofs for protocols
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
On the role definitions in and beyond cryptography
ASIAN'04 Proceedings of the 9th Asian Computing Science conference on Advances in Computer Science: dedicated to Jean-Louis Lassez on the Occasion of His 5th Cycle Birthday
Interactive diffie-hellman assumptions with applications to password-based authentication
FC'05 Proceedings of the 9th international conference on Financial Cryptography and Data Security
Efficient and provably secure client-to-client password-based key exchange protocol
APWeb'06 Proceedings of the 8th Asia-Pacific Web conference on Frontiers of WWW Research and Development
A secure password-authenticated key exchange between clients with different passwords
APWeb'06 Proceedings of the 2006 international conference on Advanced Web and Network Technologies, and Applications
Password-Based authenticated key exchange in the three-party setting
PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
Cryptanalysis of an improved client-to-client password-authenticated key exchange (C2C-PAKE) scheme
ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
N-Party encrypted diffie-hellman key exchange using different passwords
ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
Cryptanalysis of the n-party encrypted diffie-hellman key exchange using different passwords
ACNS'06 Proceedings of the 4th international conference on Applied Cryptography and Network Security
Secure cross-realm C2C-PAKE protocol
ACISP'06 Proceedings of the 11th Australasian conference on Information Security and Privacy
Journal of Medical Systems
Hi-index | 0.00 |
In this paper, we cryptanalyze the recent smart card based client-to-client password-authenticated key agreement (C2C-PAKA-SC) protocol for cross-realm settings proposed at CANS '09. While client-to-client password-authenticated key exchange (C2C-PAKE) protocols exist in literature, what is interesting about this one is that it is the only such protocol claimed to offer security against password compromise impersonation without depending on public-key cryptography, and is one of the few C2C-PAKE protocols with provable security that has not been cryptanalyzed. We present three impersonation attacks on this protocol; the first two are easier to mount than the designer-considered password compromise impersonation. Our results are the first known cryptanalysis results on C2C-PAKA-SC.