A review of the password authenticated key exchange protocols vulnerabilities and principles of the SESPAKE protocol construction
Matematičeskie voprosy kriptografii, Volume 7 (2016), pp. 7-28.

See the article record from the source Math-Net.Ru

We consider a family of protocols that allow parties sharing a weak key (a password) to generate a strong common key over an unprotected channel. It is assumed that, to check whether a password is correct, the adversary has to interact with legitimate participants. A review of the known vulnerabilities of the protocols of this family is given. This review is used to explain the main principles of the SESPAKE protocol construction.
@article{MVK_2016_7_a1,
     author = {E. K. Alekseev and L. R. Akhmetzyanova and I. B. Oshkin and S. V. Smyshlyaev},
     title = {A review of the password authenticated key exchange protocols vulnerabilities and principles of the {\emph{SESPAKE}} protocol construction},
     journal = {Matemati\v{c}eskie voprosy kriptografii},
     pages = {7--28},
     publisher = {mathdoc},
     volume = {7},
     year = {2016},
     language = {ru},
     url = {http://geodesic.mathdoc.fr/item/MVK_2016_7_a1/}
}
E. K. Alekseev; L. R. Akhmetzyanova; I. B. Oshkin; S. V. Smyshlyaev. A review of the password authenticated key exchange protocols vulnerabilities and principles of the SESPAKE protocol construction. Matematičeskie voprosy kriptografii, Volume 7 (2016), pp. 7-28. http://geodesic.mathdoc.fr/item/MVK_2016_7_a1/
