LAUSR.org creates dashboard-style pages of related content for over 1.5 million academic articles. Sign Up to like articles & get recommendations!

Security Analysis of an ID-Based Two-Server Password-Authenticated Key Exchange

Photo by hudsoncrafted from unsplash

Two-server password-authenticated key exchange allows the client to split a low-entropy password into two pieces and store them in two servers, respectively, and the two servers collaboratively authenticate the client… Click to show full abstract

Two-server password-authenticated key exchange allows the client to split a low-entropy password into two pieces and store them in two servers, respectively, and the two servers collaboratively authenticate the client and establish session keys. Even though either server has been corrupted, it guarantees that the password still remains secure. In 2014, Yi et al. proposed a compiler that transforms any two-party PAKE protocol to a two-server PAKE protocol by dint of the ID-based public-key encryption system under the standard model. Moreover, it is claimed that the scheme is provably secure in a relevant formal model. In this letter, we point out an existing related-key attack to their scheme so that when one server is corrupted, the adversary can subtly derive the fresh key shared by the remaining two honest parties. In addition, we suggest a simple patch to avoid this concern.

Keywords: server password; authenticated key; two server; password authenticated; password; server

Journal Title: IEEE Communications Letters
Year Published: 2017

Link to full text (if available)


Share on Social Media:                               Sign Up to like & get
recommendations!

Related content

More Information              News              Social Media              Video              Recommended



                Click one of the above tabs to view related content.