International Association for Cryptologic Research

CryptoDB

On the security of some password-based key agreement schemes

Authors:
Qiang Tang
Chris J. Mitchell
Download:
URL: http://eprint.iacr.org/2005/156
Abstract: In this paper we show that two potential security vulnerabilities exist in the strong password-only authenticated key exchange scheme due to Jablon. Two standardised schemes based on Jablon's scheme, namely the first password-based key agreement mechanism in ISO/IEC FCD 11770-4 and the scheme BPKAS-SPEKE in IEEE P1363.2, also suffer from one or both of these security vulnerabilities. We further show that other password-based key agreement mechanisms, including those in ISO/IEC FCD 11770-4 and IEEE P1363.2, also suffer from these two security vulnerabilities. Finally, we propose means to remove these security vulnerabilities.
BibTeX
@misc{eprint-2005-12492,
  title={On the security of some password-based key agreement schemes},
  booktitle={IACR Eprint archive},
  keywords={cryptographic protocols /},
  url={http://eprint.iacr.org/2005/156},
  note={ qiang.tang@rhul.ac.uk 12929 received 26 May 2005},
  author={Qiang Tang and Chris J. Mitchell},
  year=2005
}