  • DocumentCode
    866918
  • Title
    Analysis of the SPEKE password-authenticated key exchange protocol
  • Author
    Zhang, Muxiang
  • Author_Institution
    Verizon Commun. Inc., Waltham, MA, USA
  • Volume
    8
  • Issue
    1
  • fYear
    2004
  • Firstpage
    63
  • Lastpage
    65
  • Abstract
    In this letter, we show that for the SPEKE password-authenticated key exchange protocol, an adversary is able to test multiple possible passwords using a single impersonation attempt. In particular, when passwords are short Personal Identification Numbers (PINs), we show that a fully-constrained SPEKE is susceptible to password guessing attack. Our analysis contradicts the claim that the SPEKE protocol appears to be at least as strong as the Bellovin-Merritt EKE protocol. For EKE, an adversary can gain information about at most one possible password in each impersonation attempt.
  • Keywords
    cryptography; message authentication; protocols; telecommunication security; SPEKE protocol; key exchange; multiple possible password; network security; password guessing attack; password-authentication; personal identification number; single impersonation; Access protocols; Authentication; Cryptography; Data security; Dictionaries; Helium; Information security; Pins; Standards development; Testing;
  • fLanguage
    English
  • Journal_Title
    Communications Letters, IEEE
  • Publisher
    IEEE
  • ISSN
    1089-7798
  • Type
    jour
  • DOI
    10.1109/LCOMM.2003.822506
  • Filename
    1261928