Analysis of Two Pairing-Based Three-Party Password Authenticated Key Exchange Protocols

Author

Phan, Raphael C W ; Yau, Wei-Chuen ; Goi, Bok-Min

Author_Institution

Electron. & Electr. Eng., Loughborough Univ., Loughborough, UK

fYear

2009

fDate

19-21 Oct. 2009

Firstpage

102

Lastpage

106

Abstract

Password-Authenticated Key Exchange (PAKE) protocols allow parties to share secret keys in an authentic manner based on an easily memorizable password. Recently, Nam et al. showed that a provably secure three-party password-based authenticated key exchange protocol using Weil pairing by Wen et al. is vulnerable to a man-in-the-middle attack. In doing so, Nam et al. showed the flaws in the proof of Wen et al. and described how to fix the problem so that their attack no longer works. In this paper, we show that both Wen et al. and Nam et al. variants fall to key compromise impersonation by any adversary. Our results underline the fact that although the provable security approach is necessary to designing PAKEs, gaps still exist between what can be proven and what are really secure in practice.

Keywords

message authentication; private key cryptography; Weil pairing; key compromise impersonation; man-in-the-middle attack; provable security; secret key sharing; three-party password authenticated key exchange protocol; two pairing; Cryptography; Dictionaries; Protocols; Resilience; Security; Password-authenticated key exchange; Weil pairing; attacks; cryptanalysis; key compromise impersonation; provable security; three-party;

fLanguage

English

Publisher

ieee

Conference_Titel

Network and System Security, 2009. NSS '09. Third International Conference on

Conference_Location

Gold Coast, QLD

Print_ISBN

978-1-4244-5087-9

Electronic_ISBN

978-0-7695-3838-9

Type

conf

DOI

10.1109/NSS.2009.56

Filename

5318959