EC2C-PAKA: An efficient client-to-client password-authenticated key agreement

Byun, Jin Wook; Lee, Dong Hoon; Lim, Jong In

doi:10.1016/j.ins.2007.03.024

Cited by 53 publications

(28 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Due to these properties, chaotic systems have become a very good candidate for use in the field of cryptography. The existing related research progress includes chaos-based symmetric encryptions [1][2][3][4][5][6][7], security protocols [8,9], asymmetric encryptions [10,11], and hash functions [12][13][14][15][16][17][18].…”

Section: Introductionmentioning

confidence: 99%

A novel parallel hash function based on 3D chaotic map

Akhavan

Samsudin

Akhshani

2013

EURASIP J. Adv. Signal Process.

View full text Add to dashboard Cite

As the core of cryptography, hash function is one of the basic techniques for information security. During the last few years, considerable effort has been devoted to research on chaos-based hash functions. Nevertheless, the corresponding analysis of them lag far behind. In this paper, a new efficient scheme for parallel hash function based on high-dimensional chaotic map is proposed. In the proposed scheme, the confusion as well as the diffusion effect is enhanced significantly by utilizing two nonlinear coupling parameters. Theoretical and experimental results indicate that the proposed scheme can satisfy all performance requirements of hash function such as desired statistical properties and strong collision resistance. At the same time, the proposed scheme can keep the parallel merit and message sensitivity with high potential to be adopted for network security.

show abstract

Section: Introductionmentioning

confidence: 99%

A novel parallel hash function based on 3D chaotic map

Akhavan

Samsudin

Akhshani

2013

EURASIP J. Adv. Signal Process.

View full text Add to dashboard Cite

show abstract

“…This leads to a similar limitation in symmetric key management that PKCROSS aims to address. More recent work on C2C-PAKE with improved efficiency and/or security can be found in [14,23,43].…”

Section: Client-to-client Key Exchangementioning

confidence: 99%

“…We believe that our aforementioned communication model is more realistic, user-friendly and scalable than that of related previous work, for example, public key Kerberos [25,46] and C2C-PAKE [14,45]. The latter either requires a user to obtain a public key certificate, or assumes that the domain servers corresponding to the communicating users share a long-term secret key.…”

Section: Introductionmentioning

confidence: 99%

Cross-domain password-based authenticated key exchange revisited

Chen

Lim

Yang

2013

2013 Proceedings IEEE INFOCOM

View full text Add to dashboard Cite

We revisit the problem of secure cross-domain communication between two users belonging to different security domains within an open and distributed environment. Existing approaches presuppose that either the users are in possession of public key certificates issued by a trusted certificate authority (CA), or the associated domain authentication servers share a long-term secret key. In this paper, we propose a generic framework for designing four-party password-based authenticated key exchange (4PAKE) protocols. Our framework takes a different approach from previous work. The users are not required to have public key certificates, but they simply reuse their login passwords they share with their respective domain authentication servers. On the other hand, the authentication servers, assumed to be part of a standard PKI, act as ephemeral CAs that "certify" some key materials that the users can subsequently use to exchange and agree on a session key. Moreover, we adopt a compositional approach. That is, by treating any secure two-party password-based key exchange (2PAKE) protocol and two-party asymmetric-key/symmetric-key based key exchange (2A/SAKE) protocol as black boxes, we combine them to obtain generic and provably secure 4PAKE protocols.

show abstract

“…Yoon et al [12] also pointed out that Kim et al's protocol [10] was susceptible to one-way man-in-the-middle attack and password-compromise impersonation attack, and presented an enhancement. Recently, Byun et al [13] introduced a formal security model and corresponding security definitions, and proposed the first provably secure C2C-PAKA protocol. Our contribution in this paper is twofold.…”

Section: Related Work and Our Contributionmentioning

confidence: 99%

“…Client-to-client password-authenticated key agreement (C2C-PAKA) protocol deals with the authenticated key agreement process between two clients of different realms, who only share their passwords with their own servers. Recently, Byun et al [13] proposed an efficient C2C-PAKA protocol and carried a claimed proof of security in a formal model of communication and adversarial capabilities. In this paper, we show that the protocol is insecure against password-compromise impersonation attack and the claim of provable security is seriously incorrect.…”

mentioning

confidence: 99%

A New Client-to-Client Password-Authenticated Key Agreement Protocol

Feng

2009

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Client-to-client password-authenticated key agreement (C2C-PAKA) protocol deals with the authenticated key agreement process between two clients of different realms, who only share their passwords with their own servers. Recently, Byun et al. [13] proposed an efficient C2C-PAKA protocol and carried a claimed proof of security in a formal model of communication and adversarial capabilities. In this paper, we show that the protocol is insecure against password-compromise impersonation attack and the claim of provable security is seriously incorrect. To draw lessons from these results, we revealed fatal flaws in Byun et al.'s security model and their proof of security. Then, we modify formal security model and corresponding security definitions. In addition, a new crossrealm C2C-PAKA protocol is presented with security proof.

show abstract

EC2C-PAKA: An efficient client-to-client password-authenticated key agreement

Cited by 53 publications

References 23 publications

A novel parallel hash function based on 3D chaotic map

A novel parallel hash function based on 3D chaotic map

Cross-domain password-based authenticated key exchange revisited

A New Client-to-Client Password-Authenticated Key Agreement Protocol

Contact Info

Product

Resources

About