Journal of the Korea Institute of Information Security & Cryptology (정보보호학회논문지)

Korea Institute of Information Security and Cryptology (한국정보보호학회)
권호 표지
DOI QR코드

DOI QR Code

Efficient Three-Party Password Authenticated Key Exchange for Client-to-Client Applications

  • Published : 2008.12.31
Download PDF
⟨ Previous Next ⟩

Abstract

Nowadays, client-to-client applications such as online chat (e.g. MSN) and SMS (Short Message Services) are becoming increasingly prevalent. These client-to-client applications are revolutionizing the way we communicate. Three-party PAKE (password authenticated key exchange) protocols provide a means for the two communicating parties holding passwords to establishment a secure channel between them with the help of a common server. In this paper, we propose an efficient three-party PAKE protocol for the client-to-client applications, which has much better performance than the existing generic constructions. We also show that the proposed protocol is secure in a formal security model.

Keywords

References

  1. Abdalla, M., Bresson, E., Chevassut, O., and Pointcheval, D.: 'Password-based group key exchange in a constant numher of rounds'. Proc. Intemational Workshop on Practice and Theory in Public Key Cryptography, PKC'06, LNCS 3958, pp 427-442
  2. Abdalla, M., Bohli, .J.M., Vasco, M., and Steinwandt, R.: '(Password) Authenticated Key Establishment: from 2-party to group', Proc. Theory of Cryptography Conference, TCC'07, LNCS 4392, 2007, pp. 499-514
  3. Abdalla, M., Fouque, P.A., and Pointcheval, D.: 'Password-based authenticated key exchange in the threeparty setting', Proc. Public Key Cryptography, PKC'05, LNCS 3383, 2005, pp. 65-84
  4. Abdalla, M., and Pointcheval, D.: 'Interactive diffiehellman assumptions with applications to password-based authentication', Proc, Financial Cryptography and Data Security, FC'05, LNCS 3570, 2005, pp. 341-356
  5. Boyarsky M.: 'Public-key cryptography and password protocols: the multi-user case', Proc, ACM Computer and Communication Security, CCS'99, 1999, pp. 63-72
  6. Bresson, E., Chevassut, O., and Pointcheval, D.: 'Security proofs for an efficient password-based key exchange', Proc. ACM. Computer and Communication Security, CCS'03, 2003, pp. 241-250
  7. Byun, .J.W., Leong, I.R., Lee D.H, and Park, C.S.: 'Password-authenticated key exchange between clients with different passwords', Proc. International Conference on Information and Communication Security, ICICS'02, LNCS 2513,2002, pp. 134-146
  8. Bellovin, S., and Merritt, M .. : 'Encrypted key exchange: password-based protocols secure against dictionary attacks, Proc. IEEE Symposium on Research in Security and Privacy, 1992, pp. 72-84
  9. Boyko, V., MacKenzie, P.D., and Patel S.: 'Provably secure password-authenticated key exchange using diffie-Hellman', Proc. Advances in Cryptology, EUROCRYPT'00, LNCS 1807, 2000, pp. 156-171
  10. Bellare. M.. Pointcheval, D., and Rogaway, P.: 'Authenticated key exchange secure against dictionary attacks', Proc. Advances in cryptology, Furocrypt'00, 2000, pp. 139-155
  11. Bellare, M., and Rogaway, P .. 'Provably secure session key distribution: the three party case', Proc. ACM Symposium on Theory of Computing, STOC'95, 1995, pp. 57-66
  12. Choo, K., Boyd, C, and Hitchcock, Y.: 'Examing indistinguishability-based proof models for key establishment protocols', Proc, Advances in Cryptology, ASIACRYPT'05, LNCS 3788, 2005, pp, 585-604
  13. Gong,, L., Lomas, M., Needham, R., and Saltzer ,J.: 'Protecting poorly chosen secrets from guessing attacks', IEEE Journal on Selected Areas in Communications, 1993, 11, (5), pp. 648-656 https://doi.org/10.1109/49.223865
  14. Ilalevi S., and Krawczyk II.: 'Public-key cryptography and password protocols', Proc, ACM Computer and Communication Sccurity, CCS'98, 1998, pp. 122-131
  15. Jain, A., Bolle, R., and Pankanti, S .. 'BIOMETRICS: Personal Identification in Networked Society', 1999, Kluwer Academic Publishers
  16. Katz, J., Ostrovsky, R., and Yung, M .. 'Forward secrecy in password-only key exchange protocols', Proc. Security in Communication Networks, 2002
  17. Katz J., Shrimpton T., and Jakobsson M .:'Threshold password-authenticated key exchange', Proc. Advances in Cryptology, Crypto'02, LNCS 2442, 2002, pp. 385-400
  18. Lin, C.L., Sun, H.M., and Hwang, T.: 'Three-party encrypted key exchange, attacks and a solution', ACM SIGOPS Operating Systems Review, 34, (4),2000, pp.12-20 https://doi.org/10.1145/506106.506108
  19. MacKenzie, P.: 'The PAK suite: protocols for password- authenticated key exchange', Submission to IEEE P1363.2, April 2002
  20. Raimondo M., Gennaro R.: 'Provably secure threshold password-authenticated key exchange', Proc. Advances in Cryptology, Eurocrypt' 03, LNCS 2656, 2003, pp. 507-523
  21. Steiner, M., Tsudik, G., and Waidner, M.: 'Refinement and extension of encrypted key exchange', ACM SIGOPS Operating Systems Review, 29, (3),1995, pp.22-30 https://doi.org/10.1145/206826.206834
  22. Wang, W., HU, L.: 'Efficient and provably secure generic construction of three-party password-based authenticated key exchange protocols', Proc, Indocrypt 2006, LNCS 4329, pp. 118-132