Cryptanalysis of a provably secure cross-realm client-to-client password-authenticated key agreement protocol of CANS '09

Wei Chuen Yau; Raphael C.W. Phan; Bok Min Goi; Swee Huay Heng

doi:10.1007/978-3-642-25513-7_13

Cryptanalysis of a provably secure cross-realm client-to-client password-authenticated key agreement protocol of CANS '09

Wei Chuen Yau, Raphael C.W. Phan, Bok Min Goi, Swee Huay Heng

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

6 Citations (Scopus)

Abstract

In this paper, we cryptanalyze the recent smart card based client-to-client password-authenticated key agreement (C2C-PAKA-SC) protocol for cross-realm settings proposed at CANS '09. While client-to-client password-authenticated key exchange (C2C-PAKE) protocols exist in literature, what is interesting about this one is that it is the only such protocol claimed to offer security against password compromise impersonation without depending on public-key cryptography, and is one of the few C2C-PAKE protocols with provable security that has not been cryptanalyzed. We present three impersonation attacks on this protocol; the first two are easier to mount than the designer-considered password compromise impersonation. Our results are the first known cryptanalysis results on C2C-PAKA-SC.

Original language	English
Title of host publication	Cryptology and Network Security - 10th International Conference, CANS 2011, Proceedings
Pages	172-184
Number of pages	13
DOIs	https://doi.org/10.1007/978-3-642-25513-7_13
Publication status	Published - 2011
Externally published	Yes
Event	International Conference on Cryptology and Network Security 2011 - Sanya, China Duration: 10 Dec 2011 → 12 Dec 2011 Conference number: 10th https://link.springer.com/book/10.1007/978-3-642-25513-7

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	7092 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	International Conference on Cryptology and Network Security 2011
Abbreviated title	CANS 2011
Country/Territory	China
City	Sanya
Period	10/12/11 → 12/12/11
Internet address	https://link.springer.com/book/10.1007/978-3-642-25513-7

Keywords

attack
Client-to-client
cross realm
impersonation
password-authenticated key agreement

Access to Document

10.1007/978-3-642-25513-7_13

Cite this

Yau, W. C., Phan, R. C. W., Goi, B. M., & Heng, S. H. (2011). Cryptanalysis of a provably secure cross-realm client-to-client password-authenticated key agreement protocol of CANS '09. In Cryptology and Network Security - 10th International Conference, CANS 2011, Proceedings (pp. 172-184). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7092 LNCS). https://doi.org/10.1007/978-3-642-25513-7_13

Yau, Wei Chuen ; Phan, Raphael C.W. ; Goi, Bok Min et al. / Cryptanalysis of a provably secure cross-realm client-to-client password-authenticated key agreement protocol of CANS '09. Cryptology and Network Security - 10th International Conference, CANS 2011, Proceedings. 2011. pp. 172-184 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{fd13fdfdcf4442dfad413f14b820f616,

title = "Cryptanalysis of a provably secure cross-realm client-to-client password-authenticated key agreement protocol of CANS '09",

abstract = "In this paper, we cryptanalyze the recent smart card based client-to-client password-authenticated key agreement (C2C-PAKA-SC) protocol for cross-realm settings proposed at CANS '09. While client-to-client password-authenticated key exchange (C2C-PAKE) protocols exist in literature, what is interesting about this one is that it is the only such protocol claimed to offer security against password compromise impersonation without depending on public-key cryptography, and is one of the few C2C-PAKE protocols with provable security that has not been cryptanalyzed. We present three impersonation attacks on this protocol; the first two are easier to mount than the designer-considered password compromise impersonation. Our results are the first known cryptanalysis results on C2C-PAKA-SC.",

keywords = "attack, Client-to-client, cross realm, impersonation, password-authenticated key agreement",

author = "Yau, {Wei Chuen} and Phan, {Raphael C.W.} and Goi, {Bok Min} and Heng, {Swee Huay}",

note = "Funding Information: Research partially funded by the Ministry of Science, Technology & Innovation (MOSTI) under grant no. MOSTI/BGM/R&D/500-2/8. Copyright: Copyright 2012 Elsevier B.V., All rights reserved.; International Conference on Cryptology and Network Security 2011, CANS 2011 ; Conference date: 10-12-2011 Through 12-12-2011",

year = "2011",

doi = "10.1007/978-3-642-25513-7_13",

language = "English",

isbn = "9783642255120",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "172--184",

booktitle = "Cryptology and Network Security - 10th International Conference, CANS 2011, Proceedings",

url = "https://link.springer.com/book/10.1007/978-3-642-25513-7",

}

Yau, WC, Phan, RCW, Goi, BM & Heng, SH 2011, Cryptanalysis of a provably secure cross-realm client-to-client password-authenticated key agreement protocol of CANS '09. in Cryptology and Network Security - 10th International Conference, CANS 2011, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 7092 LNCS, pp. 172-184, International Conference on Cryptology and Network Security 2011, Sanya, China, 10/12/11. https://doi.org/10.1007/978-3-642-25513-7_13

Cryptanalysis of a provably secure cross-realm client-to-client password-authenticated key agreement protocol of CANS '09. / Yau, Wei Chuen; Phan, Raphael C.W.; Goi, Bok Min et al.
Cryptology and Network Security - 10th International Conference, CANS 2011, Proceedings. 2011. p. 172-184 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7092 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

TY - GEN

T1 - Cryptanalysis of a provably secure cross-realm client-to-client password-authenticated key agreement protocol of CANS '09

AU - Yau, Wei Chuen

AU - Phan, Raphael C.W.

AU - Goi, Bok Min

AU - Heng, Swee Huay

N1 - Conference code: 10th

PY - 2011

Y1 - 2011

N2 - In this paper, we cryptanalyze the recent smart card based client-to-client password-authenticated key agreement (C2C-PAKA-SC) protocol for cross-realm settings proposed at CANS '09. While client-to-client password-authenticated key exchange (C2C-PAKE) protocols exist in literature, what is interesting about this one is that it is the only such protocol claimed to offer security against password compromise impersonation without depending on public-key cryptography, and is one of the few C2C-PAKE protocols with provable security that has not been cryptanalyzed. We present three impersonation attacks on this protocol; the first two are easier to mount than the designer-considered password compromise impersonation. Our results are the first known cryptanalysis results on C2C-PAKA-SC.

AB - In this paper, we cryptanalyze the recent smart card based client-to-client password-authenticated key agreement (C2C-PAKA-SC) protocol for cross-realm settings proposed at CANS '09. While client-to-client password-authenticated key exchange (C2C-PAKE) protocols exist in literature, what is interesting about this one is that it is the only such protocol claimed to offer security against password compromise impersonation without depending on public-key cryptography, and is one of the few C2C-PAKE protocols with provable security that has not been cryptanalyzed. We present three impersonation attacks on this protocol; the first two are easier to mount than the designer-considered password compromise impersonation. Our results are the first known cryptanalysis results on C2C-PAKA-SC.

KW - attack

KW - Client-to-client

KW - cross realm

KW - impersonation

KW - password-authenticated key agreement

UR - http://www.scopus.com/inward/record.url?scp=83755170584&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-25513-7_13

DO - 10.1007/978-3-642-25513-7_13

M3 - Conference Paper

AN - SCOPUS:83755170584

SN - 9783642255120

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 172

EP - 184

BT - Cryptology and Network Security - 10th International Conference, CANS 2011, Proceedings

T2 - International Conference on Cryptology and Network Security 2011

Y2 - 10 December 2011 through 12 December 2011

ER -

Yau WC, Phan RCW, Goi BM, Heng SH. Cryptanalysis of a provably secure cross-realm client-to-client password-authenticated key agreement protocol of CANS '09. In Cryptology and Network Security - 10th International Conference, CANS 2011, Proceedings. 2011. p. 172-184. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-642-25513-7_13

Cryptanalysis of a provably secure cross-realm client-to-client password-authenticated key agreement protocol of CANS '09

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Cite this