Paper 2005/156

On the security of some password-based key agreement schemes

Qiang Tang and Chris J. Mitchell

Abstract

In this paper we show that two potential security vulnerabilities exist in the strong password-only authenticated key exchange scheme due to Jablon. Two standardised schemes based on Jablon's scheme, namely the first password-based key agreement mechanism in ISO/IEC FCD 11770-4 and the scheme BPKAS-SPEKE in IEEE P1363.2, also suffer from one or both of these security vulnerabilities. We further show that other password-based key agreement mechanisms, including those in ISO/IEC FCD 11770-4 and IEEE P1363.2, also suffer from these two security vulnerabilities. Finally, we propose means to remove these security vulnerabilities.

Metadata
Available format(s): PDF
Category: Cryptographic protocols
Publication info: Published elsewhere. Unknown where it was published
Contact author(s): qiang tang @ rhul ac uk
History: 2005-05-29: received
Short URL: https://ia.cr/2005/156
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2005/156,
      author = {Qiang Tang and Chris J.  Mitchell},
      title = {On the security of some password-based key agreement schemes},
      howpublished = {Cryptology ePrint Archive, Paper 2005/156},
      year = {2005},
      note = {\url{https://eprint.iacr.org/2005/156}},
      url = {https://eprint.iacr.org/2005/156}
}