Analysis of two pairing-based three-party password authenticated key exchange protocols
Password-Authenticated Key Exchange (PAKE) protocols allow parties to share secret keys in an authentic manner based on an easily memorizable password. Recently, Nam et al. showed that a provably secure three-party password-based authenticated key exchange protocol using Weil pairing by Wen et al. i...
Saved in:
Main Authors: | , , |
---|---|
Format: | Default Conference proceeding |
Published: |
2009
|
Subjects: | |
Online Access: | https://hdl.handle.net/2134/5683 |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
id |
rr-article-9554048 |
---|---|
record_format |
Figshare |
spelling |
rr-article-95540482009-01-01T00:00:00Z Analysis of two pairing-based three-party password authenticated key exchange protocols Raphael C.-W. Phan (7168670) Wei-Chuen Yau (7209167) Bok-Min Goi (7209122) Mechanical engineering not elsewhere classified Password-authenticated key exchange Weil pairing Attacks Cryptanalysis Key compromise impersonation Provable security Three-party Mechanical Engineering not elsewhere classified Password-Authenticated Key Exchange (PAKE) protocols allow parties to share secret keys in an authentic manner based on an easily memorizable password. Recently, Nam et al. showed that a provably secure three-party password-based authenticated key exchange protocol using Weil pairing by Wen et al. is vulnerable to a man-in-the-middle attack. In doing so, Nam et al. showed the flaws in the proof of Wen et al. and described how to fix the problem so that their attack no longer works. In this paper, we show that both Wen et al. and Nam et al. variants fall to key compromise impersonation by any adversary. Our results underline the fact that although the provable security approach is necessary to designing PAKEs, gaps still exist between what can be proven and what are really secure in practice. 2009-01-01T00:00:00Z Text Conference contribution 2134/5683 https://figshare.com/articles/conference_contribution/Analysis_of_two_pairing-based_three-party_password_authenticated_key_exchange_protocols/9554048 CC BY-NC-ND 4.0 |
institution |
Loughborough University |
collection |
Figshare |
topic |
Mechanical engineering not elsewhere classified Password-authenticated key exchange Weil pairing Attacks Cryptanalysis Key compromise impersonation Provable security Three-party Mechanical Engineering not elsewhere classified |
spellingShingle |
Mechanical engineering not elsewhere classified Password-authenticated key exchange Weil pairing Attacks Cryptanalysis Key compromise impersonation Provable security Three-party Mechanical Engineering not elsewhere classified Raphael C.-W. Phan Wei-Chuen Yau Bok-Min Goi Analysis of two pairing-based three-party password authenticated key exchange protocols |
description |
Password-Authenticated Key Exchange (PAKE) protocols allow parties to share secret keys in an authentic manner based on an easily memorizable password. Recently, Nam et al. showed that a provably secure three-party password-based authenticated key exchange protocol using Weil pairing by Wen et al. is vulnerable to a man-in-the-middle attack. In doing so, Nam et al. showed the flaws in the proof of Wen et al. and described how to fix the problem so that their attack no longer works. In this paper, we show that both Wen et al. and Nam et al. variants fall to key compromise impersonation by any adversary. Our results underline the fact that although the provable security approach is necessary to designing PAKEs, gaps still exist between what can be proven and what are really secure in practice. |
format |
Default Conference proceeding |
author |
Raphael C.-W. Phan Wei-Chuen Yau Bok-Min Goi |
author_facet |
Raphael C.-W. Phan Wei-Chuen Yau Bok-Min Goi |
author_sort |
Raphael C.-W. Phan (7168670) |
title |
Analysis of two pairing-based three-party password authenticated key exchange protocols |
title_short |
Analysis of two pairing-based three-party password authenticated key exchange protocols |
title_full |
Analysis of two pairing-based three-party password authenticated key exchange protocols |
title_fullStr |
Analysis of two pairing-based three-party password authenticated key exchange protocols |
title_full_unstemmed |
Analysis of two pairing-based three-party password authenticated key exchange protocols |
title_sort |
analysis of two pairing-based three-party password authenticated key exchange protocols |
publishDate |
2009 |
url |
https://hdl.handle.net/2134/5683 |
_version_ |
1797920609152270336 |