Analyzing and Patching SPEKE in ISO/IEC

@article{Hao2018AnalyzingAP,
  title={Analyzing and Patching SPEKE in ISO/IEC},
  author={Feng Hao and Roberto Metere and Siamak Fayyaz Shahandashti and Changyu Dong},
  journal={IEEE Transactions on Information Forensics and Security},
  year={2018},
  volume={13},
  pages={2844-2855}
}
  • Feng Hao, Roberto Metere, +1 author Changyu Dong
  • Published in
    IEEE Transactions on…
    2018
  • Computer Science
  • Simple password exponential key exchange (SPEKE) is a well-known password authenticated key exchange protocol that has been used in Blackberry phones for secure messaging and Entrust’s TruePass end-to-end web products. It has also been included into international standards such as ISO/IEC 11770-4 and IEEE P1363.2. In this paper, we analyze the SPEKE protocol as specified in the ISO/IEC and IEEE standards. We identify that the protocol is vulnerable to two new attacks: an impersonation attack… CONTINUE READING

    Create an AI-powered research feed to stay up to date with new papers like this posted to ArXiv

    9
    Twitter Mentions

    Citations

    Publications citing this paper.

    References

    Publications referenced by this paper.
    SHOWING 1-10 OF 27 REFERENCES

    The SPEKE Protocol Revisited

    VIEW 11 EXCERPTS

    Analysis of the SPEKE password-authenticated key exchange protocol

    VIEW 5 EXCERPTS
    HIGHLY INFLUENTIAL

    Strong password-only authenticated key exchange

    VIEW 10 EXCERPTS
    HIGHLY INFLUENTIAL

    Applied pi calculus

    VIEW 6 EXCERPTS
    HIGHLY INFLUENTIAL

    On the Security of Some Password-Based Key Agreement Schemes

    VIEW 4 EXCERPTS
    HIGHLY INFLUENTIAL

    Cryptography - theory and practice

    VIEW 3 EXCERPTS
    HIGHLY INFLUENTIAL

    A semantic model for authentication protocols

    VIEW 3 EXCERPTS
    HIGHLY INFLUENTIAL

    Encrypted key exchange: password-based protocols secure against dictionary attacks

    VIEW 4 EXCERPTS
    HIGHLY INFLUENTIAL

    Modeling and Verifying Security Protocols with the Applied Pi Calculus and ProVerif

    • Bruno Blanchet
    • Mathematics, Computer Science
    • Foundations and Trends in Privacy and Security
    • 2016
    VIEW 1 EXCERPT