In this paper, we cryptanalyze the recent smart card based client-to-client password-authenticated key agreement (C2C-PAKA-SC) protocol for cross-realm settings proposed at CANS '09. While client-to-client password-authenticated key exchange (C2C-PAKE) protocols exist in literature, what is interesting about this one is that it is the only such protocol claimed to offer security against password compromise impersonation without depending on public-key cryptography, and is one of the few C2C-PAKE protocols with provable security that has not been cryptanalyzed. We present three impersonation attacks on this protocol; the first two are easier to mount than the designer-considered password compromise impersonation. Our results are the first known cryptanalysis results on C2C-PAKA-SC. © 2011 Springer-Verlag.
CITATION STYLE
Yau, W. C., Phan, R. C. W., Goi, B. M., & Heng, S. H. (2011). Cryptanalysis of a provably secure cross-realm client-to-client password-authenticated key agreement protocol of CANS ’09. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 7092 LNCS, pp. 172–184). https://doi.org/10.1007/978-3-642-25513-7_13
Mendeley helps you to discover research relevant for your work.