Abstract
Two-party password-authenticated key exchange (PAKE) allows a client and a server communicating over a public network to establish a shared session key using only a human-memorable password. PAKE protocols can serve as basic building blocks for constructing secure, complex, higher-level protocols of the kind that were originally built on the Transport Layer Security (TLS) protocol. In this paper, we propose a provably secure verifier-based PAKE protocol that fits well with the TLS protocol and requires only a single round. The protocol is secure against attacks that use a compromised server password file and against known-key attacks, and it provides forward secrecy; the analysis is carried out in the ideal hash model. The scheme matches the efficiency of the most efficient verifier-based PAKE protocol in the literature, and it is the first provably secure one-round protocol for verifier-based PAKE in the two-party setting.
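As an added illustration of what "verifier-based" means in practice, the following Python sketch runs Wu's SRP-6a (the Secure Remote Password protocol, NDSS 1998), a verifier-based PAKE in which the server's password file holds a verifier v = g^x derived from the password rather than the password itself. This is example code written for this page; it is not code from the paper and it is not the authors' one-round protocol. The group N (a 128-bit safe prime generated at import, demo size only), the hash construction H, and the names register, Server and client_login are all assumptions of this example.

```python
# Added illustration: toy SRP-6a run, a verifier-based PAKE (Wu, NDSS 1998).
# NOT the one-round protocol of the paper above; it only demonstrates the
# verifier-based property. 128-bit group for speed: demo size, not production.
import hashlib
import random
import secrets

def _is_probable_prime(n, rng, rounds=16):
    """Miller-Rabin with a few trial divisions in front."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def make_safe_prime(bits, seed):
    """Seeded search for N = 2q + 1 with q prime (reproducible demo group)."""
    rng = random.Random(seed)
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if _is_probable_prime(q, rng) and _is_probable_prime(2 * q + 1, rng):
            return 2 * q + 1

N = make_safe_prime(128, seed=2006)   # constructed demo-size safe prime
g = 2                                  # generator of a subgroup of order q or 2q

def H(*parts):
    """SHA-256 over length-prefixed parts; ints are encoded big-endian."""
    h = hashlib.sha256()
    for p in parts:
        if isinstance(p, int):
            p = p.to_bytes(max(1, (p.bit_length() + 7) // 8), "big")
        h.update(len(p).to_bytes(4, "big") + p)
    return int.from_bytes(h.digest(), "big")

k = H(N, g)   # SRP-6a multiplier

def register(identity, password):
    """Enrolment on the client: the server only ever sees (identity, salt, verifier)."""
    salt = secrets.token_bytes(16)
    x = H(salt, H(identity.encode(), b":", password.encode()))
    return identity, salt, pow(g, x, N)

class Server:
    def __init__(self):
        self.password_file = {}   # identity -> (salt, verifier); no passwords stored

    def enroll(self, identity, salt, verifier):
        self.password_file[identity] = (salt, verifier)

    def step1(self, identity, A):
        if A % N == 0:
            raise ValueError("rejected: A is zero mod N")
        salt, v = self.password_file[identity]
        b = secrets.randbelow(N - 2) + 1
        B = (k * v + pow(g, b, N)) % N
        u = H(A, B)
        S = pow(A * pow(v, u, N) % N, b, N)   # (g^a * g^(x*u))^b
        self._A, self._B, self._K = A, B, H(S)
        return salt, B

    def step2(self, M1):
        """Check the client's proof first, then return the server's proof."""
        if M1 != H(self._A, self._B, self._K):
            raise ValueError("client proof failed (wrong password or tampering)")
        return H(self._A, M1, self._K)

    def session_key(self):
        return self._K

def client_login(identity, password, server):
    """One full client run; returns the session key or raises ValueError."""
    a = secrets.randbelow(N - 2) + 1
    A = pow(g, a, N)
    salt, B = server.step1(identity, A)
    if B % N == 0:
        raise ValueError("rejected: B is zero mod N")
    u = H(A, B)
    x = H(salt, H(identity.encode(), b":", password.encode()))
    S = pow((B - k * pow(g, x, N)) % N, a + u * x, N)   # (g^b)^(a + u*x)
    K = H(S)
    M1 = H(A, B, K)
    M2 = server.step2(M1)
    if M2 != H(A, M1, K):
        raise ValueError("server proof failed")
    return K
```

Both sides arrive at g^(b(a+ux)) and confirm it through the two proof messages, so a wrong password is caught at step2 without the server ever holding the password. The point the abstract's "compromised password file" property rests on is visible in the data structure: the file maps each identity to (salt, verifier) only, so an attacker who reads it still cannot authenticate as the client without the password; the residual risk is an offline dictionary search against the verifier, which is why the salt and a deliberately slow derivation of x matter in a real deployment.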
The first and third authors were supported by the MIC (Ministry of Information and Communication), Korea, under the ITRC (Information Technology Research Center) support program supervised by the IITA (Institute of Information Technology Assessment), and the second author was supported by a grant for International Cooperative Research from the National Institute of Information and Communication (theme: “A Research on Scalable Information Security Infrastructure on Ubiquitous Networks”). This work was done while the first author was visiting Kyushu University, Japan.
© 2006 IFIP International Federation for Information Processing
Cite this paper
Kwon, J.O., Sakurai, K., Lee, D.H. (2006). One-Round Protocol for Two-Party Verifier-Based Password-Authenticated Key Exchange. In: Leitold, H., Markatos, E.P. (eds) Communications and Multimedia Security. CMS 2006. Lecture Notes in Computer Science, vol 4237. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11909033_8
DOI: https://doi.org/10.1007/11909033_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-47820-1
Online ISBN: 978-3-540-47823-2