Breaking the provably secure SAKE-C authenticated key exchange protocol with Extended Key Compromise Impersonation (E-KCI) Attack
Ali Mackvandi, Maryam Saeed, and Mansour Naddafiun
Authenticated Key Exchange (AKE) protocols are those protocols that allow two or more entities to concur with a common session key in an authentic manner in which this key is used to encrypt the proceeding communications. In 2010, Zhao et al. proposed Provably Secure Authenticated Key Exchange Protocol under the CDH Assumption (referred to as SAKE and SAKE-C). Despite the fact that the security of the proposed protocol is proved in the formal model, due to not considering all the prerequisite queries in defining and designing formal security model, in this letter it is shown that the so-called secure protocol is vulnerable to Extended Key Compromise Impersonation (E-KCI) attack so that this attack is a practicable flaw that was signaled by Tang et al. for the first time in 2011. Unfortunately, it is conspicuously perspicuous that most of the AKE and PAKE protocols are vulnerable to E-KCI attack which is a new-introduced flaw in this field, because even one of the most famous, secure, and efficient PAKE protocols such as the 3-pass HMQV protocol suffers from this vulnerability.
- Available format(s)
- -- withdrawn --
- Publication info
- Published elsewhere. Unknown where it was published
- AKE (Authenticated Key Exchange)Cryptographic protocolsExtended KCI attackSecurity Analysis.
- Contact author(s)
- Mackvandi @ pishgaman com
- 2012-02-01: withdrawn
- 2012-01-20: received
- See all versions
- Short URL