Analyzing and Patching SPEKE in ISO/IEC
- Submitting institution
-
University of York
- Unit of assessment
- 11 - Computer Science and Informatics
- Output identifier
- 54880574
- Type
- D - Journal article
- DOI
-
10.1109/TIFS.2018.2832984
- Title of journal
- Information Forensics and Security, IEEE Transactions on
- Article number
- -
- First page
- 2844
- Volume
- 13
- Issue
- 11
- ISSN
- 1556-6013
- Open access status
- Compliant
- Month of publication
- May
- Year of publication
- 2018
- URL
-
-
- Supplementary information
-
-
- Request cross-referral to
- -
- Output has been delayed by COVID-19
- No
- COVID-19 affected output statement
- -
- Forensic science
- No
- Criminology
- No
- Interdisciplinary
- No
- Number of additional authors
-
3
- Research group(s)
-
-
- Citation count
- 3
- Proposed double-weighted
- No
- Reserve for an output with double weighting
- No
- Additional information
- SPEKE is internationally standardised and one of the most widely-used password-based authentication key exchange protocols, used e.g. in Google Nest and Firefox Sync. The recent revision of the international standard ISO/IEC 11770-4 adopted the fixes proposed by this work, referencing the conference version of the paper. The proposed protocol was one of the four ‘balanced’ finalists for IETF standardisation (see ‘authoritative source’ for SPEKE in https://github.com/cfrg/pake-selection). The work is cited in the widely-used textbook on key exchange: Boyd, Mathuria, Stebila: “Protocols for Authentication and Key Establishment”, 2nd ed., Springer, 2019.
- Author contribution statement
- -
- Non-English
- No
- English abstract
- -