Abstract
Password-Authenticated Key Establishment (PAKE) protocols allow two parties, to share common secret keys in an authentic manner based on an easily memorizable password. At ICCSA 2004, an improved PAKE protocol between two clients of different realms was proposed that was claimed to be secure against attacks including the replay attack. In this paper, we cryptanalyze this protocol by showing two replay attacks that allow an attacker to falsely share a secret key with a legal client.
| Original language | English |
|---|---|
| Title of host publication | Third International Conference on Applied Cryptography and Network Security, ACNS 2005 |
| Pages | 33-39 |
| Number of pages | 7 |
| Volume | 3531 |
| DOIs | |
| Publication status | Published - 2005 |
| Externally published | Yes |
| Event | International Conference on Applied Cryptography and Network Security 2005 - New York, United States of America Duration: 7 Jun 2005 → 10 Jun 2005 Conference number: 3rd https://link.springer.com/book/10.1007/b137093 (Proceedings) |
Publication series
| Name | Lecture Notes in Computer Science |
|---|---|
| ISSN (Print) | 0302-9743 |
Conference
| Conference | International Conference on Applied Cryptography and Network Security 2005 |
|---|---|
| Abbreviated title | ACNS 2005 |
| Country/Territory | United States of America |
| City | New York |
| Period | 7/06/05 → 10/06/05 |
| Internet address |
|
Keywords
- Client-to-client
- Cryptanalysis
- Password-authenticated key exchange
- Replay attack
- Unknown key-share