Cryptology ePrint Archive: Report 2005/156

On the security of some password-based key agreement schemes

Qiang Tang and Chris J. Mitchell

Abstract: In this paper we show that two potential security vulnerabilities exist in the strong password-only authenticated key exchange scheme due to Jablon. Two standardised schemes based on Jablon's scheme, namely the first password-based key agreement mechanism in ISO/IEC FCD 11770-4 and the scheme BPKAS-SPEKE in IEEE P1363.2 also suffer from one or both of these security vulnerabilities. We further show that other password-based key agreement mechanisms, including those in ISO/IEC FCD 11770-4 and IEEE P1363.2, also suffer from these two security vulnerabilities. Finally, we propose means to remove these security vulnerabilities.

Category / Keywords: cryptographic protocols /

Date: received 26 May 2005

Contact author: qiang tang at rhul ac uk

Available formats: PDF | BibTeX Citation

Version: 20050529:212835 (All versions of this report)

Discussion forum: Show discussion | Start new discussion