DocumentCode
258193
Title
Security analysis of J-PAKE
Author
Toorani, Mohsen
Author_Institution
Dept. of Inf., Univ. of Bergen, Bergen, Norway
fYear
2014
fDate
23-26 June 2014
Firstpage
1
Lastpage
6
Abstract
J-PAKE is a Password-Authenticated Key Exchange protocol, proposed in 2008 and presented again in 2010 and 2011. It does not require any public key infrastructure but uses zero-knowledge proofs. J-PAKE has been submitted as a candidate for the IEEE P1363.2 standard for password-based public key cryptography, and included in OpenSSL and OpenSSH. Since December 2010, J-PAKE has been used in the Mozilla Firefox web browser. In this paper, we show that J-PAKE is vulnerable to a password compromise impersonation attack, a replay attack, and an unknown key-share attack. We also propose some improvements for thwarting replay and unknown key-share attacks.
Keywords
authorisation; cryptographic protocols; public key cryptography; IEEE P1363.2 standard; J-PAKE; Mozilla Firefox Web browser; OpenSSH; OpenSSL; password compromise impersonation attack; password-authenticated key exchange protocol; password-based public key cryptography; replay attack; security analysis; unknown key-share attack; zero-knowledge proofs; Authentication; Browsers; Dictionaries; Protocols; Resilience; Servers
fLanguage
English
Publisher
IEEE
Conference_Titel
Computers and Communication (ISCC), 2014 IEEE Symposium on
Conference_Location
Funchal
Type
conf
DOI
10.1109/ISCC.2014.6912576
Filename
6912576