Reverse Online Guessing Attacks on PAKE Protocols

• URL: http://arxiv.org/abs/2602.08993v1
• Date: Mon, 09 Feb 2026 18:40:53 GMT
• Title: Reverse Online Guessing Attacks on PAKE Protocols
• Authors: Eloise Christian, Tejas Gadwalkar, Arthur Azevedo de Amorim, Edward V. Zieglar,
• Abstract summary: We show that password-authenticated key exchange protocols are vulnerable to reverse online guessing attacks.<n> reverse guessing poses a unique risk because the burden of detection is shifted to the clients.<n>Our analysis suggests that stakeholders should, by default, authenticate the server using more stringent measures than just the user's password.
• Score: 0.43748379918040853
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Though not yet widely deployed, password-authenticated key exchange (PAKE) protocols have been the subject of several recent standardization efforts, partly because of their resistance against various guessing attacks, but also because they do not require a public-key infrastructure (PKI), making them naturally resistant against PKI failures. The goal of this paper is to reevaluate the PAKE model by noting that the absence of a PKI -- or, more generally, of a mechanism aside from the password for authenticating the server -- makes such protocols vulnerable to reverse online guessing attacks, in which an adversary attempts to validate password guesses by impersonating a server. While their logic is similar to traditional guessing, where the attacker impersonates a client, reverse guessing poses a unique risk because the burden of detection is shifted to the clients, rendering existing defenses against traditional guessing moot. Our results demonstrate that reverse guessing is particularly effective when an adversary attacks clients indiscriminately, such as in phishing or password-spraying attacks, or for applications with automated login processes or a universal password, such as WPA3-SAE. Our analysis suggests that stakeholders should, by default, authenticate the server using more stringent measures than just the user's password, and that a password-only mode of operation should be a last resort against catastrophic security failures when other authentication mechanisms are not available.

Related papers

• Practical Acoustic Eavesdropping On Typed Passphrases [0.0]
  This paper exploits keyboard acoustic emanations to infer typed natural language passphrases via unsupervised learning.<n>It is also applicable to longer messages, such as confidential emails, where the margin for error is much greater.<n>Cross-correlation audio preprocessing outperforms methods like mel-frequency-cepstral coefficients and fast-fourier transforms in keystroke clustering.
  arXiv  Detail & Related papers  (2025-03-20T21:42:30Z)
• A Secure Remote Password Protocol From The Learning With Errors Problem [0.045285281911950165]
  We propose a post-quantum SRP protocol from the learning with errors (LWE) problem.<n>We give rigorous proof and analyses on the correctness and security of the scheme.
  arXiv  Detail & Related papers  (2025-01-13T11:01:50Z)
• Exploiting Leakage in Password Managers via Injection Attacks [16.120271337898235]
  This work explores injection attacks against password managers. In this setting, the adversary controls their own application client, which they use to "inject" chosen payloads to a victim's client via, for example, sharing credentials with them.
  arXiv  Detail & Related papers  (2024-08-13T17:45:12Z)
• Excavating Vulnerabilities Lurking in Multi-Factor Authentication Protocols: A Systematic Security Analysis [2.729532849571912]
  Single-factor authentication (SFA) protocols are often bypassed by side-channel and other attack techniques. To alleviate this problem, multi-factor authentication (MFA) protocols have been widely adopted recently.
  arXiv  Detail & Related papers  (2024-07-29T23:37:38Z)
• Nudging Users to Change Breached Passwords Using the Protection Motivation Theory [58.87688846800743]
  We draw on the Protection Motivation Theory (PMT) to design nudges that encourage users to change breached passwords. Our study contributes to PMT's application in security research and provides concrete design implications for improving compromised credential notifications.
  arXiv  Detail & Related papers  (2024-05-24T07:51:15Z)
• Rethinking the Vulnerabilities of Face Recognition Systems:From a Practical Perspective [53.24281798458074]
  Face Recognition Systems (FRS) have increasingly integrated into critical applications, including surveillance and user authentication. Recent studies have revealed vulnerabilities in FRS to adversarial (e.g., adversarial patch attacks) and backdoor attacks (e.g., training data poisoning)
  arXiv  Detail & Related papers  (2024-05-21T13:34:23Z)
• EmInspector: Combating Backdoor Attacks in Federated Self-Supervised Learning Through Embedding Inspection [53.25863925815954]
  Federated self-supervised learning (FSSL) has emerged as a promising paradigm that enables the exploitation of clients' vast amounts of unlabeled data. While FSSL offers advantages, its susceptibility to backdoor attacks has not been investigated. We propose the Embedding Inspector (EmInspector) that detects malicious clients by inspecting the embedding space of local models.
  arXiv  Detail & Related papers  (2024-05-21T06:14:49Z)
• Tamper-Evident Pairing [55.2480439325792]
  Tamper-Evident Pairing (TEP) is an improvement of the Push-Button configuration (PBC) standard. TEP relies on the Tamper-Evident Announcement (TEA), which guarantees that an adversary can neither tamper a transmitted message without being detected, nor hide the fact that the message has been sent. This paper provides a comprehensive overview of the TEP protocol, including all information needed to understand how it works.
  arXiv  Detail & Related papers  (2023-11-24T18:54:00Z)
• Conditional Generative Adversarial Network for keystroke presentation attack [0.0]
  We propose to study a new approach aiming to deploy a presentation attack towards a keystroke authentication system. Our idea is to use Conditional Generative Adversarial Networks (cGAN) for generating synthetic keystroke data that can be used for impersonating an authorized user. Results indicate that the cGAN can effectively generate keystroke dynamics patterns that can be used for deceiving keystroke authentication systems.
  arXiv  Detail & Related papers  (2022-12-16T12:45:16Z)
• Backdoor Attack against Speaker Verification [86.43395230456339]
  We show that it is possible to inject the hidden backdoor for infecting speaker verification models by poisoning the training data. We also demonstrate that existing backdoor attacks cannot be directly adopted in attacking speaker verification.
  arXiv  Detail & Related papers  (2020-10-22T11:10:08Z)
• On Certifying Robustness against Backdoor Attacks via Randomized Smoothing [74.79764677396773]
  We study the feasibility and effectiveness of certifying robustness against backdoor attacks using a recent technique called randomized smoothing. Our results show the theoretical feasibility of using randomized smoothing to certify robustness against backdoor attacks. Existing randomized smoothing methods have limited effectiveness at defending against backdoor attacks.
  arXiv  Detail & Related papers  (2020-02-26T19:15:46Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.