Analyzing and Patching SPEKE in ISO/IEC
Simple password exponential key exchange (SPEKE) is a well-known password authenticated key exchange protocol that has been used in Blackberry phones for secure messaging and Entrust's TruePass end-to-end web products. It has also been included into international standards such as ISO/IEC 11770-4 and IEEE P1363.2. In this paper, we analyze the SPEKE protocol as specified in the ISO/IEC and IEEE standards. We identify that the protocol is vulnerable to two new attacks: an impersonation attack that allows an attacker to impersonate a user without knowing the password by launching two parallel sessions with the victim, and a key-malleability attack that allows a man-in-the-middle to manipulate the session key without being detected by the end users. Both attacks have been acknowledged by the technical committee of ISO/IEC SC 27 and ISO/IEC 11770-4 revised as a result. We propose a patched SPEKE called P-SPEKE and present a formal analysis in the Applied Pi Calculus using ProVerif to show that the proposed patch prevents both attacks. The proposed patch has been included into the latest revision of ISO/IEC 11770-4 published in 2017.
The (in)security of some recently proposed lightweight key distribution schemes
Two recently published papers propose some very simple key distribution schemes designed to enable two or more parties to establish a shared secret key with the aid of a third party. Unfortunately, as we show, most of the schemes are inherently insecure and all are incompletely specified - moreover, claims that the schemes are inherently lightweight are shown to be highly misleading. We also briefly critique a somewhat related very recent paper by the same authors that uses similar techniques to achieve what are claimed to be secure multiparty computations.
Comment: This version adds a brief critique of a related paper on secure multiparty computatio
Parsing ambiguities in authentication and key establishment protocols
A new class of attacks against authentication and authenticated key establishment protocols is described, which we call parsing ambiguity attacks. If appropriate precautions are not deployed, these attacks apply to a very wide range of such protocols, including those specified in a number of international standards. Three example attacks are described in detail, and possible generalisations are also outlined. Finally, possible countermeasures are given, as are recommendations for modifications to the relevant standards.
On the security of some password-based key agreement schemes
In this paper we show that two potential security vulnerabilities exist in the strong password-only authenticated key exchange scheme due to Jablon. Two standardised schemes based on Jablon's scheme, namely the first password-based key agreement mechanism in ISO/IEC FCD 11770-4 and the scheme BPKAS-SPEKE in IEEE P1363.2, also suffer from one or both of these security vulnerabilities. We further show that other password-based key agreement mechanisms, including those in ISO/IEC FCD 11770-4 and IEEE P1363.2, also suffer from these two security vulnerabilities. Finally, we propose means to remove these security vulnerabilities.
New attacks on ISO key establishment protocols
Cheng and Comley demonstrated type flaw attacks against the key establishment mechanism 12 standardized in ISO/IEC 11770-2:1996. They also proposed enhancements to fix the security flaws in the mechanism. We show that the enhanced version proposed by Cheng and Comley is still vulnerable to type flaw attacks. As well, we show that the key establishment mechanism 13 in the above standard is vulnerable to a type flaw attack.