IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
Online ISSN : 1745-1337
Print ISSN : 0916-8508
Special Section on Information Theory and Its Applications
Security Analysis of Two Augmented Password-Authenticated Key Exchange Protocols
SeongHan SHINKazukuni KOBARAHideki IMAI
Author information

2010 Volume E93.A Issue 11 Pages 2092-2095


An augmented PAKE (Password-Authenticated Key Exchange) protocol is said to be secure against server-compromise impersonation attacks if an attacker who obtained password verification data from a server cannot impersonate a client without performing off-line dictionary attacks on the password verification data. There are two augmented PAKE protocols where the first one [12] was proposed in the IEEE Communications Letters and the second one [15] was submitted to the IEEE P1363.2 standard working group [9]. In this paper, we show that these two augmented PAKE protocols [12],[15] (claimed to be secure) are actually insecure against server-compromise impersonation attacks. More specifically, we present generic server-compromise impersonation attacks on these augmented PAKE protocols [12],[15].

Information related to the author
© 2010 The Institute of Electronics, Information and Communication Engineers
Previous article Next article