A secure two-party password-authenticated key exchange protocol

Maryam Saeed, H. Shahhoseini, Ali Mackvandi, Mohammad Reza Rezaeinezhad, Mansour Naddafiun, M. Bidoki
Proceedings of the 2014 IEEE 15th International Conference on Information Reuse and Integration (IEEE IRI 2014), published 2014-08-01.
DOI: https://doi.org/10.1109/IRI.2014.7051926
Citations: 5

Abstract

Password Authenticated Key Exchange (PAKE) protocols are of great importance for providing secure communications over the Internet. They permit two entities to share a session key in an authentic manner based on a human-memorable password. In 2006, Kolesnikov and Rackoff proposed an improvement to Halevi and Krawczyk's PAKE protocols. In 2010, they revised their preceding protocol and introduced an improvement to it. In this paper, it is shown that not only are Halevi and Krawczyk's PAKE protocols vulnerable to ephemeral key compromise impersonation and malicious server attacks, but they also fail to provide the key confirmation property simultaneously, and one of them does not even satisfy the Forward Secrecy attribute. It is also shown that Kolesnikov and Rackoff's protocols are susceptible to ephemeral key compromise impersonation and to Denial-of-Service (DoS) attacks, and that they do not satisfy the Forward Secrecy, mutual authentication, and key confirmation attributes. Additionally, they are prone to disclosure of the pre-shared secret key. Two improved protocols, called S2PAKEv1 and S2PAKEv2, are also proposed; both provide several security attributes while remaining efficient. S2PAKEv1 has two rounds with mutual authentication but no key confirmation, while S2PAKEv2 has three rounds with mutual authentication and key confirmation.