Simple password exponential key exchange (SPEKE) is a well-known password authenticated key exchange protocol that has been used in Blackberry phones for secure messaging and Entrust's TruePass end-to-end web products. It has also been included into international standards such as ISO/IEC 11770-4 and IEEE P1363.2. In this paper, we analyze the SPEKE protocol as specified in the ISO/IEC and IEEE standards. We identify that the protocol is vulnerable to two new attacks: an impersonation attack that allows an attacker to impersonate a user without knowing the password by launching two parallel sessions with the victim, and a key-malleability attack that allows a man-in-the-middle to manipulate the session key without being detected by the end ...
The vast majority of communication on the Internet and private networks heavily relies on Public-key...
Authentication and key agreement protocols play an important role in today’s digital world. Key agre...
[[abstract]]Designing authenticated key exchange protocols for portable devices to secure communicat...
Simple password exponential key exchange (SPEKE) is a well-known password authenticated key exchange...
The SPEKE protocol is commonly considered one of the classic Password Authenticated Key Exchange (PA...
A new simple password exponential key exchange method (SPEKE) is described. It belongs to an exclusi...
International audiencePAKE protocols, for Password-Authenticated Key Exchange, enable two parties to...
Simple Password Exponential Key Exchange (SPEKE) and Dragonfly are simple password-based authenticat...
Password-authenticated key exchange (PAKE) is a major area of cryptographic protocol research and pr...
We study the security of password protocols against off-line dictionary attacks. In addition to the ...
AbstractWe study the security of password protocols against off-line dictionary attacks. In addition...
In wireless ad hoc networks environment, Bellovin and Merritt first developed a password-based Encry...
Session Initiation Protocol (SIP) is one of the most commonly used protocols for handling sessions f...
PKCS#11 is a standard API to cryptographic devices such as smarcards, hardware security modules and ...
With the advancement in Internet-based technologies, network applications are no longer just limited...
The vast majority of communication on the Internet and private networks heavily relies on Public-key...
Authentication and key agreement protocols play an important role in today’s digital world. Key agre...
[[abstract]]Designing authenticated key exchange protocols for portable devices to secure communicat...
Simple password exponential key exchange (SPEKE) is a well-known password authenticated key exchange...
The SPEKE protocol is commonly considered one of the classic Password Authenticated Key Exchange (PA...
A new simple password exponential key exchange method (SPEKE) is described. It belongs to an exclusi...
International audiencePAKE protocols, for Password-Authenticated Key Exchange, enable two parties to...
Simple Password Exponential Key Exchange (SPEKE) and Dragonfly are simple password-based authenticat...
Password-authenticated key exchange (PAKE) is a major area of cryptographic protocol research and pr...
We study the security of password protocols against off-line dictionary attacks. In addition to the ...
AbstractWe study the security of password protocols against off-line dictionary attacks. In addition...
In wireless ad hoc networks environment, Bellovin and Merritt first developed a password-based Encry...
Session Initiation Protocol (SIP) is one of the most commonly used protocols for handling sessions f...
PKCS#11 is a standard API to cryptographic devices such as smarcards, hardware security modules and ...
With the advancement in Internet-based technologies, network applications are no longer just limited...
The vast majority of communication on the Internet and private networks heavily relies on Public-key...
Authentication and key agreement protocols play an important role in today’s digital world. Key agre...
[[abstract]]Designing authenticated key exchange protocols for portable devices to secure communicat...