Multi Server Password Authenticated Key Exchange Using Attribute-Based Encryption


  • Park, Minkyung (Seoul National University Department of Computer Science and Engineering) ;
  • Cho, Eunsang (Seoul National University Department of Computer Science and Engineering) ;
  • Kwon, Ted Taekyoung (Seoul National University Department of Computer Science and Engineering)
  • Received : 2015.06.01
  • Accepted : 2015.08.11
  • Published : 2015.08.31

Abstract

Password authenticated key exchange (PAKE) is a protocol in which a client registers its password with a server, authenticates itself using that password, and shares a session key with the server. In multi-server PAKE, the client splits its password and stores the shares on several servers separately; unless all of the servers are compromised, the client's password is not disclosed. In attribute-based encryption (ABE), a sender encrypts a message M using a set of attributes, and a receiver decrypts it using the same set of attributes. In this paper, we introduce a multi-server PAKE protocol that uses a set of ABE attributes as the client's password. In the protocol, neither the client nor the servers need to create additional public/private key pairs, because the password itself serves as the set of public keys. The client and the servers exchange only one round-trip message per server. The protocol is secure against dictionary attacks, and we prove its security in a proposed threat model. Finally, we show feasibility by evaluating the execution time of the protocol.

A password authenticated key exchange (PAKE) protocol is an algorithm in which a server and a client authenticate each other and exchange a key. A multi-server PAKE is an algorithm that stores the password split across several servers, so that neither the password nor the key is disclosed unless all of the servers are compromised. In attribute-based encryption, decryption is possible only when all of the attributes required by the encrypting party are satisfied. In this paper, we treat the attribute values of attribute-based encryption as the password and propose a multi-server PAKE protocol that enables public-key encryption without separately generating public/private key pairs. The proposed protocol requires one message exchange per server and is secure against dictionary attacks. We also present a threat model for dictionary attacks and verify security through a security analysis, and we examine the feasibility of the proposed protocol by measuring the execution time of the cryptographic algorithms used.

Cited by

  1. Design of a perturbation function to correct errors in data hiding schemes for encrypted images, vol.41, pp.3, 2015, https://doi.org/10.7840/kics.2016.41.3.307
  2. Timestamp-based key exchange protocol in a satellite environment, vol.9, pp.2, 2015, https://doi.org/10.17661/jkiiect.2016.9.2.162