Analysis of the SPEKE password-authenticated key exchange protocol
Muxiang Zhang
Communications Letters, IEEE
Volume 8, Issue 1, Jan. 2004 Page(s): 63 - 65
Digital Object Identifier   10.1109/LCOMM.2003.822506
Summary: In this letter, we show that for the SPEKE password-authenticated key exchange protocol, an adversary is able to test multiple possible passwords using a single impersonation attempt. In particular, when passwords are short Personal Identification Numbers (PINs), we show that a fully-constrained SPEKE is susceptible to password guessing attack. Our analysis contradicts the claim that the SPEKE protocol appears to be at least as strong as the Bellovin-Merritt EKE protocol. For EKE, an adversary can gain information about at most one possible password in each impersonation attempt.

» View citation and abstract

Log in by entering your IEEE Web Account Username and Password.

IEEE Communications Society members: If you subscribe to the IEEE Electronic Periodicals Package or IEEE Electronic Periodicals Package Plus, you must access your subscription at www.comsoc.org.

Check with your librarian, information professional, or system manager to determine if you need to log in. Please complete the online Technical Support Form if you need assistance.

Select the Purchase History link to access the document. You will have 5 Days after purchase to access the Full Text PDF. Please complete the online Technical Support Form if you need assistance.

• Search and access Abstract records free of charge
• Register for table of contents alerts
• Purchase Full Text PDF documents

» Learn more about subscription options or how to become an IEEE Member.