The SPEKE protocol revisited
Hao, Feng and Shahandashti, Siamak F. (2014) The SPEKE protocol revisited. In: First International Conference, SSR 2014, Egham, United Kingdom, 16-17 Dec 2014. Published in: Security Standardisation Research, 8893 pp. 26-38. ISBN 9783319140537. doi:10.1007/978-3-319-14054-4_2 ISSN 0302-9743.
Research output not available from this repository.
Official URL: http://dx.doi.org/10.1007/978-3-319-14054-4_2
Abstract
The SPEKE protocol is commonly considered one of the classic Password Authenticated Key Exchange (PAKE) schemes. It has been included in international standards (particularly, ISO/IEC 11770-4 and IEEE 1363.2) and deployed in commercial products (e.g., Blackberry). We observe that the original SPEKE specification is subtly different from those defined in the ISO/IEC 11770-4 and IEEE 1363.2 standards. We show that those differences have critical security implications by presenting two new attacks on SPEKE: an impersonation attack and a key-malleability attack. The first attack allows an attacker to impersonate a user without knowing the password by engaging in two parallel sessions with the victim. The second attack allows an attacker to manipulate the session key established between two honest users without being detected. Both attacks are applicable to the original SPEKE scheme, and are only partially addressed in the ISO/IEC 11770-4 and IEEE 1363.2 standards. We highlight deficiencies in both standards and suggest concrete changes
Item Type: | Conference Item (Paper)
---|---
Divisions: | Faculty of Science, Engineering and Medicine > Science > Computer Science
Journal or Publication Title: | Security Standardisation Research
Publisher: | Springer
ISBN: | 9783319140537
ISSN: | 0302-9743
Book Title: | Security Standardisation Research
Official Date: | 2014
Volume: | 8893
Page Range: | pp. 26-38
DOI: | 10.1007/978-3-319-14054-4_2
Status: | Not Peer Reviewed
Publication Status: | Published
Access rights to Published version: | Restricted or Subscription Access
Conference Paper Type: | Paper
Title of Event: | First International Conference, SSR 2014
Type of Event: | Conference
Location of Event: | Egham, United Kingdom
Date(s) of Event: | 16-17 Dec 2014