Password-authenticated key exchange (PAKE) protocols allow two parties to share common secret keys in an authentic manner based on a memorizable password. In 1999, a PAKE protocol called simple authenticated key agreement (SAKA) was presented, and since then until 2004, several improved variants were presented to resist known attacks. In this paper, we present attacks on variants proposed by Kim et al. and Ku-Wang that directly cause them to fail in achieving a mutually authenticated secret key between legitimate parties. These results are devastating since achieving this is the basic security criterion that any key exchange should provide. We also show dictionary attacks on the original SAKA and all its variants. These dictionary attacks invalidate the basic security goals of these protocols since a PAKE scheme must be secure against dictionary attacks due to the low entropy of human-memorizable passwords being used.
- Password-authenticated key exchange
- Replay attacks
- Security protocols