About Validity Checks of Augmented PAKE in IEEE 1363.2 and ISO/IEC 11770-4
Summary :
An augmented PAKE (Password-Authenticated Key Exchange) protocol provides password-only authentication in the presence of an attacker, establishment of session keys between the involving parties, and extra protection for server compromise (i.e., exposure of password verification data). Among many augmented PAKE protocols, AMP variants (AMP2 [16] and AMP+ [15]) have been standardized in IEEE 1363.2 [9] and ISO/IEC 11770-4 [10]. In this paper, we thoroughly investigate APKAS-AMP (based on AMP2 [16]) and KAM3 (based on AMP+ [15]) which require several validity checks on the values, received and computed by the parties, when using a secure prime. After showing some attacks on APKAS-AMP and KAM3, we suggest new sanity checks that are clear and sufficient to prevent an attacker from doing these attacks.
- Publication
- IEICE TRANSACTIONS on Fundamentals Vol.E97-A No.1 pp.413-417
- Publication Date
- 2014/01/01
- Publicized
- Online ISSN
- 1745-1337
- DOI
- 10.1587/transfun.E97.A.413
- Type of Manuscript
- LETTER
- Category
- Cryptography and Information Security
Authors
SeongHan SHIN
National Institute of Advanced Industrial Science and Technology (AIST)
Kazukuni KOBARA
National Institute of Advanced Industrial Science and Technology (AIST)
Keyword
Latest Issue
Copyrights notice of machine-translated contents
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Cite this
Copy
SeongHan SHIN, Kazukuni KOBARA, "About Validity Checks of Augmented PAKE in IEEE 1363.2 and ISO/IEC 11770-4" in IEICE TRANSACTIONS on Fundamentals,
vol. E97-A, no. 1, pp. 413-417, January 2014, doi: 10.1587/transfun.E97.A.413.
Abstract: An augmented PAKE (Password-Authenticated Key Exchange) protocol provides password-only authentication in the presence of an attacker, establishment of session keys between the involving parties, and extra protection for server compromise (i.e., exposure of password verification data). Among many augmented PAKE protocols, AMP variants (AMP2 [16] and AMP+ [15]) have been standardized in IEEE 1363.2 [9] and ISO/IEC 11770-4 [10]. In this paper, we thoroughly investigate APKAS-AMP (based on AMP2 [16]) and KAM3 (based on AMP+ [15]) which require several validity checks on the values, received and computed by the parties, when using a secure prime. After showing some attacks on APKAS-AMP and KAM3, we suggest new sanity checks that are clear and sufficient to prevent an attacker from doing these attacks.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.E97.A.413/_p
Copy
@ARTICLE{e97-a_1_413,
author={SeongHan SHIN, Kazukuni KOBARA, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={About Validity Checks of Augmented PAKE in IEEE 1363.2 and ISO/IEC 11770-4},
year={2014},
volume={E97-A},
number={1},
pages={413-417},
abstract={An augmented PAKE (Password-Authenticated Key Exchange) protocol provides password-only authentication in the presence of an attacker, establishment of session keys between the involving parties, and extra protection for server compromise (i.e., exposure of password verification data). Among many augmented PAKE protocols, AMP variants (AMP2 [16] and AMP+ [15]) have been standardized in IEEE 1363.2 [9] and ISO/IEC 11770-4 [10]. In this paper, we thoroughly investigate APKAS-AMP (based on AMP2 [16]) and KAM3 (based on AMP+ [15]) which require several validity checks on the values, received and computed by the parties, when using a secure prime. After showing some attacks on APKAS-AMP and KAM3, we suggest new sanity checks that are clear and sufficient to prevent an attacker from doing these attacks.},
keywords={},
doi={10.1587/transfun.E97.A.413},
ISSN={1745-1337},
month={January},}
Copy
TY - JOUR
TI - About Validity Checks of Augmented PAKE in IEEE 1363.2 and ISO/IEC 11770-4
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 413
EP - 417
AU - SeongHan SHIN
AU - Kazukuni KOBARA
PY - 2014
DO - 10.1587/transfun.E97.A.413
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E97-A
IS - 1
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - January 2014
AB - An augmented PAKE (Password-Authenticated Key Exchange) protocol provides password-only authentication in the presence of an attacker, establishment of session keys between the involving parties, and extra protection for server compromise (i.e., exposure of password verification data). Among many augmented PAKE protocols, AMP variants (AMP2 [16] and AMP+ [15]) have been standardized in IEEE 1363.2 [9] and ISO/IEC 11770-4 [10]. In this paper, we thoroughly investigate APKAS-AMP (based on AMP2 [16]) and KAM3 (based on AMP+ [15]) which require several validity checks on the values, received and computed by the parties, when using a secure prime. After showing some attacks on APKAS-AMP and KAM3, we suggest new sanity checks that are clear and sufficient to prevent an attacker from doing these attacks.
ER -
English
