Analyzing and patching SPEKE in ISO/IEC
- Submitting institution
- The University of Warwick
- Unit of assessment
- 11 - Computer Science and Informatics
- Output identifier
- 5996
- Type
- D - Journal article
- DOI
- 10.1109/TIFS.2018.2832984
- Title of journal
- IEEE Transactions on Information Forensics and Security
- Article number
- -
- First page
- 2844
- Volume
- 13
- Issue
- 11
- ISSN
- 1556-6013
- Open access status
- Technical exception
- Month of publication
- November
- Year of publication
- 2018
- URL
-
-
- Supplementary information
-
-
- Request cross-referral to
- -
- Output has been delayed by COVID-19
- No
- COVID-19 affected output statement
- -
- Forensic science
- No
- Criminology
- No
- Interdisciplinary
- No
- Number of additional authors
- 3
- Research group(s)
- D - Data Science, Systems and Security
- Citation count
- 3
- Proposed double-weighted
- No
- Reserve for an output with double weighting
- No
- Additional information
- Published in a top journal in security, this paper presents two novel attacks against the SPEKE protocol and a countermeasure that provably fixes the identified flaws. SPEKE had been standardized by ISO/IEC for more than 10 years and used in many applications, and it was the first time such attacks were uncovered. This work has led to the revision of the standard with inclusion of the proposed countermeasure (published in ISO/IEC 11770-4:2017). The result has been included in the 2nd edition of a textbook (Boyd et al., Springer, 2019) and contributed to a £901k EPSRC grant led by Hao (EP/T014784/1).
- Author contribution statement
- -
- Non-English
- No
- English abstract
- -