Password Authenticated Key Exchange (PAKE) protocols enable two entities to agree on a common session key based on a pre-shared, human-memorable password. The main security goal of these protocols is to provide security against password guessing attacks. Hitchcock et al.'s protocol was presented in 2003. In 2005, Abdalla and Pointcheval proposed the SPAKE1 and SPAKE2 protocols. In this paper, it is shown that Hitchcock et al.'s protocol is vulnerable to ephemeral key compromise impersonation, off-line dictionary and Key Compromise Impersonation (KCI) attacks, and that it does not satisfy the mutual authentication and forward secrecy attributes. It is also shown that the SPAKE1 and SPAKE2 protocols are vulnerable to password compromise impersonation and Denial-of-Service (DoS) attacks, and that they do not provide the mutual authentication property. To eliminate these weaknesses, an improved two-party PAKE protocol is proposed that provides several security attributes while offering remarkable computational efficiency and a lower number of rounds.
Published in:
Communication Software and Networks (ICCSN), 2011 IEEE 3rd International Conference on
Date of Conference: 27-29 May 2011