Security Analysis of Password-based Authenticated Key Exchange Protocols

Abstract Password-based cryptosystems commonly suffer from dictionary attacks because their security depends on low entropy passwords. It is ever challenging to design a password-based cryptosystem secure against this attack. Password-based authenticated key exchange (PAKE) protocols allow two or more interacting parties to establish cryptographic keys based on their knowledge of some password. The PAKE protocols commonly use password-based encryption and are therefore susceptible to dictionary attacks. Many existing PAKE protocols are claimed to be secure against these dictionary attacks but there is no easy method to verify their claim. In this work we focus on evaluating the security of two-party PAKE protocols under possible attack scenarios. We first consider all possible combination of participants of an attack scenario, which turn out to be 5 in number. This gives rise to 25 possible attack scenarios among the participants. We find that 11 out of these 25 scenarios are valid. We then analyze the security of 5 PAKE protocols under the attack scenarios developed by us. Namely, we analyze EKE, SPEKE, SRP, KOY and IdBP protocols. We also provide some suggestions on improving existing PAKE designs.