Cryptanalysis of a provably secure cross-realm client-to-client password-authenticated key agreement protocol of CANS '09

Authors:
Wei-Chuen Yau;Raphael C. -W. Phan;Bok-Min Goi;Swee-Huay Heng
Affiliations:
Faculty of Engineering, Multimedia University, Cyberjaya, Malaysia;Electronic, Electrical & Systems Engineering, Loughborough University, Leicestershire, UK;Faculty of Engineering & Science, Universiti Tunku Abdul Rahman, Malaysia;Faculty of Information Science & Technology, Multimedia University, Melaka, Malaysia
Venue:
CANS'11 Proceedings of the 10th international conference on Cryptology and Network Security
Year:
2011

Citing 27
Cited 1

Authentication and authenticated key exchanges

Designs, Codes and Cryptography
Entity authentication and key distribution

CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Undetectable on-line password guessing attacks

ACM SIGOPS Operating Systems Review
Provably secure session key distribution: the three party case

STOC '95 Proceedings of the twenty-seventh annual ACM symposium on Theory of computing
Explicit Communication Revisited: Two New Attacks on Authentication Protocols

IEEE Transactions on Software Engineering
Using encryption for authentication in large networks of computers

Communications of the ACM
An unknown key-share attack on the MQV key agreement protocol

ACM Transactions on Information and System Security (TISSEC)
Password-Authenticated Key Exchange between Clients with Different Passwords

ICICS '02 Proceedings of the 4th International Conference on Information and Communications Security
Efficient Kerberized Multicast in a Practical Distributed Setting

ISC '01 Proceedings of the 4th International Conference on Information Security
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks

SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
EC2C-PAKA: An efficient client-to-client password-authenticated key agreement

Information Sciences: an International Journal
A New Client-to-Client Password-Authenticated Key Agreement Protocol

IWCC '09 Proceedings of the 2nd International Workshop on Coding and Cryptology
An Efficient and Provably Secure Cross-Realm Client-to-Client Password-Authenticated Key Agreement Protocol with Smart Cards

CANS '09 Proceedings of the 8th International Conference on Cryptology and Network Security
Authenticated key exchange secure against dictionary attacks

EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Why provable security matters?

EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Cryptanalysis of two provably secure cross-realm C2C-PAKE protocols

INDOCRYPT'06 Proceedings of the 7th international conference on Cryptology in India
Examining indistinguishability-based proof models for key establishment protocols

ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Errors in computational complexity proofs for protocols

ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
On the role definitions in and beyond cryptography

ASIAN'04 Proceedings of the 9th Asian Computing Science conference on Advances in Computer Science: dedicated to Jean-Louis Lassez on the Occasion of His 5th Cycle Birthday
Interactive diffie-hellman assumptions with applications to password-based authentication

FC'05 Proceedings of the 9th international conference on Financial Cryptography and Data Security
Efficient and provably secure client-to-client password-based key exchange protocol

APWeb'06 Proceedings of the 8th Asia-Pacific Web conference on Frontiers of WWW Research and Development
A secure password-authenticated key exchange between clients with different passwords

APWeb'06 Proceedings of the 2006 international conference on Advanced Web and Network Technologies, and Applications
Password-Based authenticated key exchange in the three-party setting

PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
Cryptanalysis of an improved client-to-client password-authenticated key exchange (C2C-PAKE) scheme

ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
N-Party encrypted diffie-hellman key exchange using different passwords

ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
Cryptanalysis of the n-party encrypted diffie-hellman key exchange using different passwords

ACNS'06 Proceedings of the 4th international conference on Applied Cryptography and Network Security
Secure cross-realm C2C-PAKE protocol

ACISP'06 Proceedings of the 11th Australasian conference on Information Security and Privacy

Security Analysis of a Chaotic Map-based Authentication Scheme for Telecare Medicine Information Systems

Journal of Medical Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we cryptanalyze the recent smart card based client-to-client password-authenticated key agreement (C2C-PAKA-SC) protocol for cross-realm settings proposed at CANS '09. While client-to-client password-authenticated key exchange (C2C-PAKE) protocols exist in literature, what is interesting about this one is that it is the only such protocol claimed to offer security against password compromise impersonation without depending on public-key cryptography, and is one of the few C2C-PAKE protocols with provable security that has not been cryptanalyzed. We present three impersonation attacks on this protocol; the first two are easier to mount than the designer-considered password compromise impersonation. Our results are the first known cryptanalysis results on C2C-PAKA-SC.