Toggle Main Menu Toggle Search

Open Access padlockePrints

The SPEKE protocol revisited

Lookup NU author(s): Professor Feng Hao

Downloads

Full text for this publication is not currently held within this repository. Alternative links are provided below where available.


Abstract

© Springer International Publishing Switzerland 2014. The SPEKE protocol is commonly considered one of the classic Password Authenticated Key Exchange (PAKE) schemes. It has been included in international standards (particularly, ISO/IEC 11770-4 and IEEE 1363.2) and deployed in commercial products (e.g., Blackberry). We observe that the original SPEKE specification is subtly different from those defined in the ISO/IEC 11770-4 and IEEE 1363.2 standards. We show that those differences have critical security implications by presenting two new attacks on SPEKE: an impersonation attack and a keymalleability attack. The first attack allows an attacker to impersonate a user without knowing the password by engaging in two parallel sessions with the victim. The second attack allows an attacker to manipulate the session key established between two honest users without being detected. Both attacks are applicable to the original SPEKE scheme, and are only partially addressed in the ISO/IEC 11770-4 and IEEE 1363.2 standards. We highlight deficiencies in both standards and suggest concrete changes.


Publication metadata

Author(s): Hao F, Shahandashti SF

Editor(s): Chen L; Mitchell C

Publication type: Conference Proceedings (inc. Abstract)

Publication status: Published

Conference Name: Security Standardisation Research : First International Conference, SSR 2014

Year of Conference: 2014

Pages: 26-38

Print publication date: 25/11/2014

Acceptance date: 01/01/1900

ISSN: 0302-9743

Publisher: Springer Verlag

URL: https://doi.org/10.1007/978-3-319-14054-4_2

DOI: 10.1007/978-3-319-14054-4_2

Library holdings: Search Newcastle University Library for this item

Series Title: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

ISBN: 9783319140537


Share