2010 Volume E93.A Issue 11 Pages 2092-2095
An augmented PAKE (Password-Authenticated Key Exchange) protocol is said to be secure against server-compromise impersonation attacks if an attacker who obtained password verification data from a server cannot impersonate a client without performing off-line dictionary attacks on the password verification data. There are two augmented PAKE protocols where the first one  was proposed in the IEEE Communications Letters and the second one  was submitted to the IEEE P1363.2 standard working group . In this paper, we show that these two augmented PAKE protocols , (claimed to be secure) are actually insecure against server-compromise impersonation attacks. More specifically, we present generic server-compromise impersonation attacks on these augmented PAKE protocols ,.