Analysis of two pairing-based three-party password authenticated key exchange protocols

Phan, Raphael C.-W.; Yau, Wei-Chuen; Goi, Bok-Min

analysis.pdf (248.45 kB)

Analysis of two pairing-based three-party password authenticated key exchange protocols

conference contribution

posted on 2009-12-16, 14:53 authored by Raphael C.-W. Phan, Wei-Chuen Yau, Bok-Min Goi

Password-Authenticated Key Exchange (PAKE) protocols allow parties to share secret keys in an authentic manner based on an easily memorizable password. Recently, Nam et al. showed that a provably secure three-party password-based authenticated key exchange protocol using Weil pairing by Wen et al. is vulnerable to a man-in-the-middle attack. In doing so, Nam et al. showed the flaws in the proof of Wen et al. and described how to fix the problem so that their attack no longer works. In this paper, we show that both Wen et al. and Nam et al. variants fall to key compromise impersonation by any adversary. Our results underline the fact that although the provable security approach is necessary to designing PAKEs, gaps still exist between what can be proven and what are really secure in practice.

History

School

Mechanical, Electrical and Manufacturing Engineering

Citation

PHAN, R.C.-W., YAU, W. -C. and GOI, B. -M., 2009. Analysis of two pairing-based three-party password authenticated key exchange protocols. IN: Third International Conference on Network and System Security, (NSS '09), Gold Coast, QLD, 19-21 Oct., pp. 102-106

Publisher

Version

VoR (Version of Record)

Publication date

2009

Notes

This is a conference paper [© IEEE]. It is also available at: http://ieeexplore.ieee.org/ Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.