Skip to main content
SpringerLink
Log in
Book cover

International Conference on Coding and Cryptology

IWCC 2009: Coding and Cryptology pp 63–76Cite as

A New Client-to-Client Password-Authenticated Key Agreement Protocol

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5557))

Abstract

Client-to-client password-authenticated key agreement (C2C-PAKA) protocol deals with the authenticated key agreement process between two clients of different realms, who only share their passwords with their own servers. Recently, Byun et al. [13] proposed an efficient C2C-PAKA protocol and carried a claimed proof of security in a formal model of communication and adversarial capabilities. In this paper, we show that the protocol is insecure against password-compromise impersonation attack and the claim of provable security is seriously incorrect. To draw lessons from these results, we revealed fatal flaws in Byun et al.’s security model and their proof of security. Then, we modify formal security model and corresponding security definitions. In addition, a new cross-realm C2C-PAKA protocol is presented with security proof.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  2. Boyko, V., MacKenzie, P., Patel, S.: Provably secure password-authenticated key exchange using diffie-hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 156–171. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  3. Katz, J., Ostrovsky, R., Yung, M.: Efficient password-authenticated key exchange using uuman-memorable passwords. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 475–494. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  4. Bellovin, S., Merrit, M.: Encrypted key exchange: password based protocols secure against dictionary attacks. In: Proc. of the Symposium on Security and Privacy, IEE, pp. 72–84 (1992)

    Google Scholar 

  5. Byun, J.W., Lee, D.H., Lim, J.: Efficient and Provably Secure Client-to-Client Password-Based Key Exchange Protocol. In: Zhou, X., Li, J., Shen, H.T., Kitsuregawa, M., Zhang, Y. (eds.) APWeb 2006. LNCS, vol. 3841, pp. 830–836. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  6. Yin, Y., Bao, L.: Secure Cross-Realm C2C-PAKE Protocol. In: Batten, L.M., Safavi-Naini, R. (eds.) ACISP 2006. LNCS, vol. 4058, pp. 395–406. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  7. Byun, J.W., Jeong, I.R., Lee, D.H., Park, C.: Password-authenticated key exchange between clients with different passwords. In: Deng, R.H., Qing, S., Bao, F., Zhou, J. (eds.) ICICS 2002. LNCS, vol. 2513, pp. 134–146. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  8. Chen, L.: A weakness of the password-authenticated key agreement between clients with different passwords scheme, ISO/IEC JTC 1/SC27 N3716

    Google Scholar 

  9. Wang, S., Wang, J., Xu, M.: Weakness of a password-authenticated key exchange protocol between clients with different passwords. In: Jakobsson, M., Yung, M., Zhou, J. (eds.) ACNS 2004. LNCS, vol. 3089, pp. 414–425. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  10. Kim, J., Kim, S., Kwak, J., Won, D.: Cryptoanalysis and improvements of password authenticated key exchange scheme between clients with different passwords. In: Laganá, A., Gavrilova, M.L., Kumar, V., Mun, Y., Tan, C.J.K., Gervasi, O. (eds.) ICCSA 2004. LNCS, vol. 3044, pp. 895–902. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  11. Phan, R.C.-W., Goi, B.: Cryptanalysis of an improved client-to-client password-authenticated key exchange (C2C-PAKE) scheme. In: Ioannidis, J., Keromytis, A.D., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 33–39. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  12. Yoon, E.J., Yoo, K.Y.: A secure password-authenticated key exchange between clients with different passwords. In: Zhou, X., Li, J., Shen, H.T., Kitsuregawa, M., Zhang, Y. (eds.) APWeb 2006. LNCS, vol. 3841, pp. 659–663. Springer, Heidelberg (2006)

    Google Scholar 

  13. Byun, J.W., Lee, D.H., Lim, J.I.: EC2C-PAKA: An efficient client-to-client password-authenticated key agreement. Information Science 177, 3995–4013 (2007)

    Article  MathSciNet  MATH  Google Scholar 

  14. Abdalla, M., Fouque, P.A., Pointcheval, D.: Password-based authenticated key exchange in the three-party setting. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 65–84. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  15. Goldreich, O.: Foundation of cryptography, vol. 2. Cambridge University Press, Cambridge (2004)

    Book  MATH  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing, P.R. China

    Deng-Guo Feng & Jing Xu

Authors
  1. Deng-Guo Feng
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jing Xu
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. National Computer Systems, Center for Information Technology,, 73 Science Park Drive, S0511, Republic of Singapore

    Yeow Meng Chee  & San Ling  & 

  2. National University of Defense Technology, 411073, Changshu Hunan, China

    Chao Li

  3. National Computer Systems, Center for Information Technology, 73 Science Park Drive, S0511, Republic of Singapore

    Huaxiong Wang  & Chaoping Xing  & 

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Feng, DG., Xu, J. (2009). A New Client-to-Client Password-Authenticated Key Agreement Protocol. In: Chee, Y.M., Li, C., Ling, S., Wang, H., Xing, C. (eds) Coding and Cryptology. IWCC 2009. Lecture Notes in Computer Science, vol 5557. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01877-0_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-01877-0_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-01813-8

  • Online ISBN: 978-3-642-01877-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation