Provably leakage-resilient three-party password-based authenticated key exchange

  • Original Research
Journal of Ambient Intelligence and Humanized Computing

Abstract

A three-party password-based authenticated key exchange (3PAKE) protocol is an important practical cryptographic primitive in client-client communication environments, where two clients can generate a shared secure session key using their human-memorable passwords with a server's help. Many 3PAKE protocols have been proposed, but these protocols are only secure in the traditional model, where no leakage attacks exist. In Mobile Internet, Wireless Network and Sensor Network environments, 3PAKE systems are very vulnerable to side-channel attacks. Therefore, it is necessary to design 3PAKE protocols that are secure in leakage environments. However, there is no previous work on formalizing the security model for leakage-resilient (LR) 3PAKE or on designing LR 3PAKE protocols. In this paper, we first define a continuous after-the-fact LR eCK-security model for 3PAKE and propose an LR 3PAKE protocol, then present a formal security proof in the standard model.



Acknowledgements

The work was supported by the Natural Science Foundation of Hubei Province of China (No. 2017CFB596) and the Green Industry Technology Leading Project of Hubei University of Technology (No. ZZTS2017006).

Author information

Corresponding author

Correspondence to Ou Ruan.

Cite this article

Ruan, O., Wang, Q. & Wang, Z. Provably leakage-resilient three-party password-based authenticated key exchange. J Ambient Intell Human Comput 10, 163–173 (2019). https://doi.org/10.1007/s12652-017-0628-8

  • DOI: https://doi.org/10.1007/s12652-017-0628-8
