[en] Password Authenticated Key Exchange (PAKE) allows a
user to establish a secure cryptographic key with a server, using only
knowledge of a pre-shared password. One of the basic security require-
ments of PAKE is to prevent o ine dictionary attacks.
In this paper, we revisit zkPAKE, an augmented PAKE that has been
recently proposed by Mochetti, Resende, and Aranha (SBSeg 2015). Our
work shows that the zkPAKE protocol is prone to o ine password guess-
ing attack, even in the presence of an adversary that has only eavesdrop-
ping capabilities. Results of performance evaluation show that our attack
is practical and e cient.Therefore, zkPAKE is insecure and should not
be used as a password-authenticated key exchange mechanism.
Research center :
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Applied Security and Information Assurance Group (APSIA)
Disciplines :
Computer science
Author, co-author :
Lopez Becerra, José Miguel ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Ryan, Peter ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
Sala, Petra ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
Skrobot, Marjan
External co-authors :
yes
Language :
English
Title :
An offline dictionary attack against zkPAKE protocol
Publication date :
2019
Event name :
34th IFIP TC-11 SEC 2019 International Conference on Information Security and Privacy Protection
Event date :
from 25-6-2019 to 27-6-2019
Audience :
International
Main work title :
An offline dictionary attack against zkPAKE protocol
Publisher :
Springer
Peer reviewed :
Peer reviewed
Focus Area :
Security, Reliability and Trust
FnR Project :
FNR8293135 - A Theory Of Matching Sessions, 2014 (01/05/2015-30/04/2018) - Peter Y. A. Ryan
Name of the research project :
PRIDE15
Funders :
FNR - Fonds National de la Recherche [LU]
Commentary :
This work was supported by the Luxembourg National Research Fund through
grant PRIDE15/10621687/SPsquared and under CORE project AToMS (Project
ID 8293135).