Abstract
Password-Authenticated Key Exchange (PAKE) protocols allow parties to establish a shared secret key in an authenticated manner based only on an easily memorizable password. Byun et al. first proposed a cross-realm client-to-client (C2C) PAKE that lets clients of different realms (with different trusted servers) establish a key. Subsequent work includes some attacks and a few other variants designed either to resist existing attacks or to improve efficiency. However, all these variants were designed with only heuristic security analysis, even though well-founded provable security models already exist for PAKEs, e.g. the Bellare-Pointcheval-Rogaway model. Recently, the first provably secure cross-realm C2C-PAKE protocols were independently proposed by Byun et al. and by Yin-Bao; that is, their security is proven rigorously within a formally defined security model and based on the hardness of some computationally intractable assumptions. In this paper, we show that both protocols fall to undetectable online dictionary attacks by any adversary. Further, we show that malicious servers can launch successful man-in-the-middle attacks on the variant by Byun et al., while the Yin-Bao variant inherits a weakness against unknown key-share attacks. Designing provably secure protocols is indeed the right approach, but our results show that such proofs should be interpreted with care.
References
Abadi, M.: Explicit Communication Revisited: Two New Attacks on Authentication Protocols. IEEE Transactions on Software Engineering 23(3), 185–186 (1997)
Abdalla, M., Fouque, P.-A., Pointcheval, D.: Password-Based Authenticated Key Exchange in the Three-Party Setting. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 65–84. Springer, Heidelberg (2005)
Abdalla, M., Pointcheval, D.: Interactive Diffie-Hellman Assumptions with Applications to Password-Based Authentication. In: Patrick, A.S., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 341–356. Springer, Heidelberg (2005)
Abdalla, M., Pointcheval, D.: Interactive Diffie-Hellman Assumptions with Applications to Password-Based Authentication. Full version of [3], Available online at: http://www.di.ens.fr/~pointche/pub.php?reference=AbPo05
Anderson, R.: Security Engineering − A Guide to Building Dependable Distributed Systems. Wiley, USA (2001)
Bellare, M., Rogaway, P.: Entity Authentication and Key Distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994)
Bellare, M., Rogaway, P.: Provably Secure Session Key Distribution: the Three Party Case. In: Proc. ACM STOC 1995, pp. 57–66 (1995)
Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated Key Exchange Secure against Dictionary Attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)
Bellovin, S., Merritt, M.: Encrypted Key Exchange: Passwords based Protocols Secure against Dictionary Attacks. In: Proc. IEEE Symposium on Security & Privacy 1992, pp. 72–84 (1992)
Byun, J.W., Jeong, I.R., Lee, D.H., Park, C.S.: Password-Authenticated Key Exchange between Clients with Different Passwords. In: Deng, R.H., Qing, S., Bao, F., Zhou, J. (eds.) ICICS 2002. LNCS, vol. 2513, pp. 134–146. Springer, Heidelberg (2002)
Byun, J.W., Lee, D.H.: N-Party Encrypted Diffie-Hellman Key Exchange Using Different Passwords. In: Ioannidis, J., Keromytis, A.D., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 75–90. Springer, Heidelberg (2005)
Byun, J.W., Lee, D.H., Lim, J.: Efficient and Provably Secure Client-to-Client Password-Based Key Exchange Protocol. In: Zhou, X., Li, J., Shen, H.T., Kitsuregawa, M., Zhang, Y. (eds.) APWeb 2006. LNCS, vol. 3841, pp. 830–836. Springer, Heidelberg (2006)
Chen, L.: A Weakness of the Password-Authenticated Key Agreement between Clients with Different Passwords Scheme. Circulated for consideration at the 27th SC27/WG2 meeting in Paris, France, ISO/IEC JTC 1/SC27 N3716, 2003-10-20.24 (2003)
Choo, K.-K.R., Boyd, C., Hitchcock, Y.: Examining Indistinguishability-Based Proof Models for Key Establishment Protocols. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 585–604. Springer, Heidelberg (2005)
Choo, K.-K.R., Boyd, C., Hitchcock, Y.: Errors in Computational Complexity Proofs for Protocols. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 624–643. Springer, Heidelberg (2005)
Cliff, Y., Tin, Y.S.T., Boyd, C.: Password Based Server Aided Key Exchange. In: Zhou, J., Yung, M., Bao, F. (eds.) ACNS 2006. LNCS, vol. 3989, pp. 146–161. Springer, Heidelberg (2006)
Diffie, W., van Oorschot, P.C., Wiener, M.J.: Authentication and Authenticated Key Exchanges. Design, Codes and Cryptography 2(2), 107–125 (1992)
Ding, Y., Horster, P.: Undetectable On-line Password Guessing Attacks. ACM Operating Systems Review 29(4), 77–86 (1995)
Hitchcock, Y., Tin, Y.S.T., Gonzalez Nieto, J.M., Boyd, C., Montague, P.: A Password-Based Authenticator: Security Proof and Applications. In: Johansson, T., Maitra, S. (eds.) INDOCRYPT 2003. LNCS, vol. 2904, pp. 388–401. Springer, Heidelberg (2003)
Kaliski Jr., B.S.: An Unknown Key-Share Attack on the MQV Key Agreement Protocol. ACM TISSEC 4(3), 275–288 (2001)
Katzenbeisser, S.: On the Integration of Watermarks and Cryptography. In: Kalker, T., Cox, I., Ro, Y.M. (eds.) IWDW 2003. LNCS, vol. 2939, pp. 50–60. Springer, Heidelberg (2004)
Kim, J., Kim, S., Kwak, J., Won, D.: Cryptanalysis and Improvement of Password-Authenticated Key Exchange Scheme between Clients with Different Passwords. In: Laganá, A., Gavrilova, M.L., Kumar, V., Mun, Y., Tan, C.J.K., Gervasi, O. (eds.) ICCSA 2004. LNCS, vol. 3043, pp. 895–902. Springer, Heidelberg (2004)
Kim, S., Lee, H., Oh, H.: Enhanced ID-based Authenticated Key Agreement Protocols for a Multiple Independent PKG Environment. In: Qing, S., Mao, W., López, J., Wang, G. (eds.) ICICS 2005. LNCS, vol. 3783, pp. 323–336. Springer, Heidelberg (2005)
Phan, R.C.-W., Goi, B.-M.: Cryptanalysis of an Improved Client-to-Client Password-Authenticated Key Exchange (C2C-PAKE) Scheme. In: Ioannidis, J., Keromytis, A.D., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 33–39. Springer, Heidelberg (2005)
Phan, R.C.-W., Goi, B.-M.: Cryptanalysis of the N-Party Encrypted Diffie-Hellman Key Exchange Using Different Passwords. In: Zhou, J., Yung, M., Bao, F. (eds.) ACNS 2006. LNCS, vol. 3989, pp. 226–238. Springer, Heidelberg (2006)
Stern, J.: Why Provable Security Matters? In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 449–461. Springer, Heidelberg (2003)
Wang, S., Wang, J., Xu, M.: Weaknesses of a Password-Authenticated Key Exchange Protocol between Clients with Different Passwords. In: Jakobsson, M., Yung, M., Zhou, J. (eds.) ACNS 2004. LNCS, vol. 3089, pp. 414–425. Springer, Heidelberg (2004)
Yin, Y., Bao, L.: Secure Cross-Realm C2C-PAKE Protocol. In: Batten, L.M., Safavi-Naini, R. (eds.) ACISP 2006. LNCS, vol. 4058, pp. 395–406. Springer, Heidelberg (2006)
Yoon, E.-J., Yoo, K.-Y.: Cryptanalysis of Two User Identification Schemes with Key Distribution Preserving Anonymity. In: Qing, S., Mao, W., López, J., Wang, G. (eds.) ICICS 2005. LNCS, vol. 3783, pp. 315–322. Springer, Heidelberg (2005)
© 2006 Springer-Verlag Berlin Heidelberg
Phan, R.C.W., Goi, BM. (2006). Cryptanalysis of Two Provably Secure Cross-Realm C2C-PAKE Protocols. In: Barua, R., Lange, T. (eds) Progress in Cryptology - INDOCRYPT 2006. INDOCRYPT 2006. Lecture Notes in Computer Science, vol 4329. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11941378_9
DOI: https://doi.org/10.1007/11941378_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-49767-7
Online ISBN: 978-3-540-49769-1