Efficient and Provably Secure Client-to-Client Password-Based Key Exchange Protocol

Byun, Jin Wook; Lee, Dong Hoon; Lim, Jongsik

doi:10.1007/11610113_81

Cited by 19 publications

(25 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A further variant of the latter attack even causes a party to think it is sharing a key with a party different from the party it is supposed to share with: unknown key-share attack [17,20]. The existence of malicious servers acting as active adversaries is indeed considered by the security proof of EC2C-PAKE [12] but still it was not able to catch our attacks. Fortunately, the C2C-PAKE-YB model captures these later attacks because it disregards as impossible to obtain key privacy when active server adversaries exist.…”

Section: Introductionmentioning

confidence: 81%

“…We now describe each of provably secure protocols [12,28] in turn. We will use the notations given in Table 1.…”

Section: Two Provably Secure C2c-pake Protocolsmentioning

confidence: 99%

“…Nevertheless, the analysis is still adhoc and not done in a formal security model. Byun-Lee-Lim [12] and YinBao [28] independently proposed the first provably secure C2C-PAKE protocols. The Byun-Lee-Lim variant is called EC2C-PAKE.…”

Section: Introductionmentioning

confidence: 99%

“…protecting secrets of the client in one realm from a malicious server [13] or a malicious client [22] in the other realm. For more details of the variants and analyses, see [10,13,27,22,24,12,28].…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Cryptanalysis of Two Provably Secure Cross-Realm C2C-PAKE Protocols

Phan

Goi

2006

Progress in Cryptology - INDOCRYPT 2006

View full text Add to dashboard Cite

Abstract. Password-Authenticated Key Exchange (PAKE) protocols allow parties to share secret keys in an authentic manner based on an easily memorizable password. Byun et al. first proposed a cross realm client-to-client (C2C) PAKE for clients of different realms (with different trusted servers) to establish a key. Subsequent work includes some attacks and a few other variants either to resist existing attacks or to improve the efficiency. However, all these variants were designed with heuristic security analysis despite that well founded provable security models already exist for PAKEs, e.g. the Bellare-Pointcheval-Rogaway model. Recently, the first provably secure cross-realm C2C-PAKE protocols were independently proposed by Byun et al. and Yin-Bao, respectively; i.e. security is proven rigorously within a formally defined security model and based on the hardness of some computationally intractable assumptions. In this paper, we show that both protocols fall to undetectable online dictionary attacks by any adversary. Further we show that malicious servers can launch successful man-in-the-middle attacks on the variant by Byun et al., while the Yin-Bao variant inherits a weakness against unknown key-share attacks. Designing provably secure protocols is indeed the right approach, but our results show that such proofs should be interpreted with care.

show abstract

Section: Introductionmentioning

confidence: 81%

“…We now describe each of provably secure protocols [12,28] in turn. We will use the notations given in Table 1.…”

Section: Two Provably Secure C2c-pake Protocolsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Cryptanalysis of Two Provably Secure Cross-Realm C2C-PAKE Protocols

Phan

Goi

2006

Progress in Cryptology - INDOCRYPT 2006

View full text Add to dashboard Cite

show abstract

“…However, S. Wang et al subsequently found the protocol due to Byun et al was insecure [22]. Later, two schemes for password-authenticated key establishment in a cross-realm setting were proposed in [24,25] but both of them were still pointed out to be insecure in [26]. To the best of our knowledge, no more work address the problem in the cross-realm setting and achieves provable security.…”

Section: Introductionmentioning

confidence: 99%

Password-Authenticated Key Exchange between Clients in a Cross-Realm Setting

Zhu

2008

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. The area of password-based authenticated key exchange protocols has been the subject of a vast amount of work in the last few years due to its practical aspects. AuthA is an example of such a technology considered for standardization by the IEEE P1363.2 working group. Unfortunately in its current form AuthA, including some variants, only considered the classic client and server (2-party) scenarios. In this paper, based on a variant of AuthA, we consider a quite different paradigm from the existing ones and propose a provably secure password-authenticated key exchange protocol in a cross-realm setting where two clients in different realms obtain a secret session key as well as mutual authentication, with the help of respective servers. In our protocol, any honest server is unable to gain any information on the value of that session key. Moreover, our protocol is reasonably efficient and has a per-user computational cost that is comparable to that of the underlying 2-party encrypted key exchange.

show abstract

A secure and efficient password‐authenticated group key exchange protocol for mobile ad hoc networks

Chen

Chan

et al. 2011

Int J Communication

View full text Add to dashboard Cite

Password-authenticated group key exchange protocols enable communication parties to establish a common secret key (a session key) by only using short secret passwords. Such protocols have been receiving significant attention. This paper shows some security weaknesses in some recently proposed passwordauthenticated group key exchange protocols. Furthermore, a secure and efficient password-authenticated group key exchange protocol in mobile ad hoc networks is proposed. It only requires constant round to generate a group session key under the dynamic scenario. In other words, the overhead of key generation is independent of the size of a total group. Further, the security properties of our protocol are formally validated by a model checking tool called AVISPA. Security and performance analyses show that, compared with other related group key exchange schemes, the proposed protocol is also efficient for real-world applications in enhancing the security over wireless communications.KEY WORDS: group key exchange; security; mobile ad hoc network; forgery attack Recently, the constant-round password-based group key exchange (in short, NEKED) protocol for password-authenticated key exchange in a multilayer MANET was proposed in [3]. The outstanding feature of this protocol is that it is the first constant round and provably secure scheme in the dynamic scenario. More specifically, the overhead of key generation is independent of the size

show abstract

Efficient and Provably Secure Client-to-Client Password-Based Key Exchange Protocol

Cited by 19 publications

References 16 publications

Cryptanalysis of Two Provably Secure Cross-Realm C2C-PAKE Protocols

Cryptanalysis of Two Provably Secure Cross-Realm C2C-PAKE Protocols

Password-Authenticated Key Exchange between Clients in a Cross-Realm Setting

A secure and efficient password‐authenticated group key exchange protocol for mobile ad hoc networks

Contact Info

Product

Resources

About