For Full-Text PDF, please login, if you are a member of IEICE,|
or go to Pay Per View on menu list, if you are a nonmember of IEICE.
About Validity Checks of Augmented PAKE in IEEE 1363.2 and ISO/IEC 11770-4
SeongHan SHIN Kazukuni KOBARA
IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences
Publication Date: 2014/01/01
Online ISSN: 1745-1337
Print ISSN: 0916-8508
Type of Manuscript: LETTER
Category: Cryptography and Information Security
PAKE, on-line/off-line dictionary attacks, augmented PAKE, IEEE 1363.2, ISO/IEC 11770-4, validity checks,
Full Text: PDF(103.7KB)
>>Buy this Article
An augmented PAKE (Password-Authenticated Key Exchange) protocol provides password-only authentication in the presence of an attacker, establishment of session keys between the involving parties, and extra protection for server compromise (i.e., exposure of password verification data). Among many augmented PAKE protocols, AMP variants (AMP2  and AMP+ ) have been standardized in IEEE 1363.2  and ISO/IEC 11770-4 . In this paper, we thoroughly investigate APKAS-AMP (based on AMP2 ) and KAM3 (based on AMP+ ) which require several validity checks on the values, received and computed by the parties, when using a secure prime. After showing some attacks on APKAS-AMP and KAM3, we suggest new sanity checks that are clear and sufficient to prevent an attacker from doing these attacks.