@inproceedings{oai:ipsj.ixsq.nii.ac.jp:00074815,
 author = {辛, 星漢 and 古原, 和邦 and 今井, 秀樹 and SeongHan, Shin and Kazukuni, Kobara and Hideki, Imai},
 book = {コンピュータセキュリティシンポジウム2009 (CSS2009) 論文集},
 month = {Oct},
 note = {Augmented PAKE (Password-Authenticated Key Exchange) プロトコルはパスワードのみで認証付き鍵共有をしながらさらに Server-Compromise Impersonation (SCI) 攻撃にも安全性を有する者である。現在、複数の augmented PAKE プロトコルが ISO/IEC JTC1/SC 2711770-4 で標準化され、IEEE P1363.2 working group でも標準化が検討されている。本稿では、Serve-Compromise Impersonation (SCI) 攻撃を再考察することで二つの augmented PAKE プロトコルが実は SCI 攻撃に安全ではないことを示す。, An augmented PAKE (Password-Authenticated Key Exchange) protocol is said to be secure against server-compromise impersonation attacks if an attacker who obtained client's password vertification data from a server cannot impersonate the client without performing offline dictionary attacks on the passoword vertification data. Until now, several augmented PAKE protocols have been standarized in ISO/IEC JTC1/SC 27 11770-4 and are being standardized in IEEE P1363.2 working group. In this paper, we revisit server-compromise impersonation attacks by showing that two augmented PAKE protocols (claimed to be secure) are actually insecure against server-compromise impersonation attacks. more specifically, we present generic server-compromise impersonation attacks on the two augmented PAKE prococols.},
 pages = {1--6},
 publisher = {情報処理学会},
 title = {Understanding Server-Compromise Impersonation Attacks in Augmented PAKE},
 volume = {2009},
 year = {2011}
}