@inproceedings{oai:ipsj.ixsq.nii.ac.jp:00074815, author = {辛, 星漢 and 古原, 和邦 and 今井, 秀樹 and SeongHan, Shin and Kazukuni, Kobara and Hideki, Imai}, book = {コンピュータセキュリティシンポジウム2009 (CSS2009) 論文集}, month = {Oct}, note = {Augmented PAKE (Password-Authenticated Key Exchange) プロトコルはパスワードのみで認証付き鍵共有をしながらさらに Server-Compromise Impersonation (SCI) 攻撃にも安全性を有する者である。現在、複数の augmented PAKE プロトコルが ISO/IEC JTC1/SC 2711770-4 で標準化され、IEEE P1363.2 working group でも標準化が検討されている。本稿では、Serve-Compromise Impersonation (SCI) 攻撃を再考察することで二つの augmented PAKE プロトコルが実は SCI 攻撃に安全ではないことを示す。, An augmented PAKE (Password-Authenticated Key Exchange) protocol is said to be secure against server-compromise impersonation attacks if an attacker who obtained client's password vertification data from a server cannot impersonate the client without performing offline dictionary attacks on the passoword vertification data. Until now, several augmented PAKE protocols have been standarized in ISO/IEC JTC1/SC 27 11770-4 and are being standardized in IEEE P1363.2 working group. In this paper, we revisit server-compromise impersonation attacks by showing that two augmented PAKE protocols (claimed to be secure) are actually insecure against server-compromise impersonation attacks. more specifically, we present generic server-compromise impersonation attacks on the two augmented PAKE prococols.}, pages = {1--6}, publisher = {情報処理学会}, title = {Understanding Server-Compromise Impersonation Attacks in Augmented PAKE}, volume = {2009}, year = {2011} }