The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. Copyrights notice
Un protocole PAKE (Password-Authenticated Key Exchange) augmenté est considéré comme sécurisé contre les attaques d'usurpation d'identité par compromission du serveur si un attaquant qui a obtenu des données de vérification de mot de passe à partir d'un serveur ne peut pas usurper l'identité d'un client sans effectuer des attaques par dictionnaire hors ligne sur les données de vérification de mot de passe. Il existe deux protocoles PAKE augmentés dont le premier [12] a été proposé dans les lettres de communication de l'IEEE et le second [15] a été soumis au groupe de travail sur la norme IEEE P1363.2 [9]. Dans cet article, nous montrons que ces deux protocoles PAKE augmentés [12], [15] (prétendument sécurisés) ne sont en réalité pas sécurisés contre les attaques d'usurpation d'identité par compromission du serveur. Plus précisément, nous présentons générique attaques d'usurpation d'identité par compromission du serveur sur ces protocoles PAKE augmentés [12], [15].
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copier
SeongHan SHIN, Kazukuni KOBARA, Hideki IMAI, "Security Analysis of Two Augmented Password-Authenticated Key Exchange Protocols" in IEICE TRANSACTIONS on Fundamentals,
vol. E93-A, no. 11, pp. 2092-2095, November 2010, doi: 10.1587/transfun.E93.A.2092.
Abstract: An augmented PAKE (Password-Authenticated Key Exchange) protocol is said to be secure against server-compromise impersonation attacks if an attacker who obtained password verification data from a server cannot impersonate a client without performing off-line dictionary attacks on the password verification data. There are two augmented PAKE protocols where the first one [12] was proposed in the IEEE Communications Letters and the second one [15] was submitted to the IEEE P1363.2 standard working group [9]. In this paper, we show that these two augmented PAKE protocols [12], [15] (claimed to be secure) are actually insecure against server-compromise impersonation attacks. More specifically, we present generic server-compromise impersonation attacks on these augmented PAKE protocols [12],[15].
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.E93.A.2092/_p
Copier
@ARTICLE{e93-a_11_2092,
author={SeongHan SHIN, Kazukuni KOBARA, Hideki IMAI, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={Security Analysis of Two Augmented Password-Authenticated Key Exchange Protocols},
year={2010},
volume={E93-A},
number={11},
pages={2092-2095},
abstract={An augmented PAKE (Password-Authenticated Key Exchange) protocol is said to be secure against server-compromise impersonation attacks if an attacker who obtained password verification data from a server cannot impersonate a client without performing off-line dictionary attacks on the password verification data. There are two augmented PAKE protocols where the first one [12] was proposed in the IEEE Communications Letters and the second one [15] was submitted to the IEEE P1363.2 standard working group [9]. In this paper, we show that these two augmented PAKE protocols [12], [15] (claimed to be secure) are actually insecure against server-compromise impersonation attacks. More specifically, we present generic server-compromise impersonation attacks on these augmented PAKE protocols [12],[15].},
keywords={},
doi={10.1587/transfun.E93.A.2092},
ISSN={1745-1337},
month={November},}
Copier
TY - JOUR
TI - Security Analysis of Two Augmented Password-Authenticated Key Exchange Protocols
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 2092
EP - 2095
AU - SeongHan SHIN
AU - Kazukuni KOBARA
AU - Hideki IMAI
PY - 2010
DO - 10.1587/transfun.E93.A.2092
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E93-A
IS - 11
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - November 2010
AB - An augmented PAKE (Password-Authenticated Key Exchange) protocol is said to be secure against server-compromise impersonation attacks if an attacker who obtained password verification data from a server cannot impersonate a client without performing off-line dictionary attacks on the password verification data. There are two augmented PAKE protocols where the first one [12] was proposed in the IEEE Communications Letters and the second one [15] was submitted to the IEEE P1363.2 standard working group [9]. In this paper, we show that these two augmented PAKE protocols [12], [15] (claimed to be secure) are actually insecure against server-compromise impersonation attacks. More specifically, we present generic server-compromise impersonation attacks on these augmented PAKE protocols [12],[15].
ER -