Cryptanalysis of an improved client-to-client password-authenticated key exchange (C2C-PAKE) scheme
Password-Authenticated Key Establishment (PAKE) protocols allow two parties, to share common secret keys in an authentic manner based on an easily memorizable password. At ICCSA 2004, an improved PAKE protocol between two clients of different realms was proposed that was claimed to be secure against...
| Main Authors: | , |
|---|---|
| Format: | Article |
| Published: |
2005
|
| Subjects: | |
| Online Access: | http://shdl.mmu.edu.my/2306/ |
| _version_ | 1848790020835508224 |
|---|---|
| author | Phan, , RCW Goi, , BM |
| author_facet | Phan, , RCW Goi, , BM |
| author_sort | Phan, , RCW |
| building | MMU Institutional Repository |
| collection | Online Access |
| description | Password-Authenticated Key Establishment (PAKE) protocols allow two parties, to share common secret keys in an authentic manner based on an easily memorizable password. At ICCSA 2004, an improved PAKE protocol between two clients of different realms was proposed that was claimed to be secure against attacks including the replay attack. In this paper, we cryptanalyze this protocol by showing two replay attacks that allow an attacker to falsely share a secret key with a legal client. |
| first_indexed | 2025-11-14T18:05:59Z |
| format | Article |
| id | mmu-2306 |
| institution | Multimedia University |
| institution_category | Local University |
| last_indexed | 2025-11-14T18:05:59Z |
| publishDate | 2005 |
| recordtype | eprints |
| repository_type | Digital Repository |
| spelling | mmu-23062011-08-24T05:37:04Z http://shdl.mmu.edu.my/2306/ Cryptanalysis of an improved client-to-client password-authenticated key exchange (C2C-PAKE) scheme Phan, , RCW Goi, , BM QA75.5-76.95 Electronic computers. Computer science Password-Authenticated Key Establishment (PAKE) protocols allow two parties, to share common secret keys in an authentic manner based on an easily memorizable password. At ICCSA 2004, an improved PAKE protocol between two clients of different realms was proposed that was claimed to be secure against attacks including the replay attack. In this paper, we cryptanalyze this protocol by showing two replay attacks that allow an attacker to falsely share a secret key with a legal client. 2005 Article NonPeerReviewed Phan, , RCW and Goi, , BM (2005) Cryptanalysis of an improved client-to-client password-authenticated key exchange (C2C-PAKE) scheme. APPLIED CRYPTOGRAPHY AND NETWORK SECURITY, PROCEEDINGS, 3531 . pp. 33-39. ISSN 0302-9743 |
| spellingShingle | QA75.5-76.95 Electronic computers. Computer science Phan, , RCW Goi, , BM Cryptanalysis of an improved client-to-client password-authenticated key exchange (C2C-PAKE) scheme |
| title | Cryptanalysis of an improved client-to-client password-authenticated key exchange (C2C-PAKE) scheme |
| title_full | Cryptanalysis of an improved client-to-client password-authenticated key exchange (C2C-PAKE) scheme |
| title_fullStr | Cryptanalysis of an improved client-to-client password-authenticated key exchange (C2C-PAKE) scheme |
| title_full_unstemmed | Cryptanalysis of an improved client-to-client password-authenticated key exchange (C2C-PAKE) scheme |
| title_short | Cryptanalysis of an improved client-to-client password-authenticated key exchange (C2C-PAKE) scheme |
| title_sort | cryptanalysis of an improved client-to-client password-authenticated key exchange (c2c-pake) scheme |
| topic | QA75.5-76.95 Electronic computers. Computer science |
| url | http://shdl.mmu.edu.my/2306/ |