Journal of KIISE:Information Networking (한국정보과학회논문지:정보통신)

Korean Institute of Information Scientists and Engineers (한국정보과학회)
권호 표지

A Password-based Efficient Key Exchange Protocol

패스워드 기반의 효율적인 키 교환 프로토콜

  • Published : 2004.08.01
Download PDF
⟨ Previous Next ⟩

Abstract

In this paper, we propose a new key exchange protocol which authenticates each other and shares a session key between a user and a server over an insecure channel using only a small password. The security of the protocol is based on the difficulty of solving the discrete logarithm problem and the Diffie-Hellman problem and the cryptographic strength of hash function. The protocol is secure against the man-in-the-middle attack, the password guessing attack, the Denning-Sacco attack, and the stolen-verifier attack, and provide the perfect forward secrecy. Furthermore, it is more efficient than other well-known protocols in terms of protocol execution time because it could be executed in parallel and has a simple structure.

본 논문에서는 작은 패스워드만을 이용하여 안전하지 않은 통신상에서 사용자와 서버간에 서로를 인중하고 세션키를 공유하기 위한 새로운 키 교환 프로토콜을 제안한다. 제안된 프로토콜의 안전성은 이산대수 문제와 Diffie-Hellman 문제의 어려움, 그리고 해쉬 함수의 암호학적 강도에 기반을 두고 있으며 패스워드 추측 공격, 중간 침입자 공격, Denning-Sacco 공격, 그리고 Stolen-verifier 공격에 안전하며, 완전한 전방향 보안성을 제공하도록 설계되었다. 더욱이, 구조가 간단하고 참여자들 사이에 병렬 처리가 가능하기 때문에 기존에 잘 알려진 프로토콜들과 비교하여 효율적이다.

Keywords

References

  1. IEEE. Standard Specifications for Public Key Cryptography, IEEE1363, 2002
  2. V. Boyko, P. MacKenzie and S. Patel. 'Provably Secure Password- Authenticated Key Exchange Using Diffie-Hellman,' Advances in Cryptology-EUROCRYPT'2000, pp. 156-171, 2000
  3. T. Kwon. 'Ultimate Solution to Authentication via Memorable Password,' Presented to IEEE P1363a, May 2000
  4. D. Jablon. 'Extended password key exchange protocols,' WETICE Workshop on Enterprise Security, 1997
  5. T. Wu. 'Secure remote password protocol,' Internet Society Symposium on Network and Distributed System Security, 1998
  6. P. MacKenzie, S. Patel, and R. Swaminathan. 'Password-authenticated key exchange based on RSA.' In ASIACRYPT2000
  7. M. Bellare and P. Rogaway, 'The AuthA protocol for password-based authenticated key exchange,' Presented to IEEE P1363a, March 2000
  8. W. Diffie, M. E. Hellman, 'New directions in cryptography,' IEEE Transactions on Information Theory, Vol.IT-22, No.6, pp.644-654, 1976 https://doi.org/10.1109/TIT.1976.1055638
  9. D. R. Stinson, Cryptography Theory and Practice, CRC, 1995
  10. M. Bellare and P. Rogaway, 'Random oracles are practical: A paradigm for designing efficient protocols,' In ACM security 93, pp.62-73, 1993 https://doi.org/10.1145/168588.168596
  11. M. Bellare and P. Rogaway, 'Entity Authentication and Key Distribution,' Advances in Cryptology-CRYPTO'93, Vol. 773, pp.232-249, 1994