Skip to main content
SpringerLink
Log in
Book cover

International Conference on Information and Communications Security

ICICS 2002: Information and Communications Security pp 134–146Cite as

Password-Authenticated Key Exchange between Clients with Different Passwords

  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2513))

Abstract

Most password-authenticated key exchange schemes in the literature provide an authenticated key exchange between a client and a server based on a pre-shared password. With a rapid change in modern communication environments, it is necessary to construct a secure end-to-end channel between clients, which is a quite different paradigm from the existing ones. In this paper we propose a new framework which provides a password-authenticated key exchange between clients based only on their two different passwords without any pre-shared secret, so called Client-to-Client Pas sword-Authenticated Key Exchange (C2C-PAKE). Security notions and types of possible attacks are newly defined according to the new framework. We prove our scheme is secure against all types of attacks considered in the paper. Two secure C2C-PAKE schemes are suggested, one in a cross-realm setting and the other in a single-server setting.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. M. Bellare, D. Pointcheval and P. Rogaway, “Authenticated key exchange secure against dictionary attacks”, Eurocrypt’00, LNCS Vol. 1807, pp. 139–155, Springer-Verlag, 2000.

    Google Scholar 

  2. S. Bellovin and M. Merrit, “Encrypted key exchange: password based protocols secure against dictionary attacks”, In Proceedings of the Symposium on Security and Privacy, pp. 72–84, IEEE, 1992.

    Google Scholar 

  3. C. Boyd, A. Mathuria, “Key establishment protocols for secure mobile communications: A selective survey”, ACISP’98, LNCS Vol. 1438, pp. 344–355, Springer-Verlag, 1998.

    Google Scholar 

  4. V. Boyko, P. MacKenzie, and S. Patel, “Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman”, Eurocrypt’00, LNCS Vol. 1807, pp. 156–171, Springer-Verlag, 2000

    Google Scholar 

  5. G. D. Crescenzo, O. Kornievskaia, “Efficient kerberized multicast in a practical distributed setting”, ISC’01, LNCS Vol. 2200, pp. 27–45, Springer-Verlag, 2001.

    Google Scholar 

  6. D. Denning, G. Sacco, “Timestamps in key distribution protocols”, Communications of the ACM, Vol. 24, No. 8, pp. 533–536, 1981.

    Article  Google Scholar 

  7. D. Jablon, “Strong password-only authenticated key exchange”, Computer Communication Review, Vol. 26, No. 5, pp. 5–26, 1996.

    Article  Google Scholar 

  8. O. Goldreich and Y. Lindell, “Session-Key Generation Using Human Passwords Only”, Crypto’01, LNCS Vol. 2139, pp. 408–432, Springer-Verlag, 2001.

    Google Scholar 

  9. B. Jaspan, “Dual-workfactor encrypted key exchange: Efficiency preventing password chaining attacks”, In Proceedings of the sixth annual USENIX security conference, pp. 43–50, July 1996.

    Google Scholar 

  10. M. Hur, B. Tung, T. Ryutov, C. Neuman, A. Medvinsky, G. Tsudik, and B. Sommerfeld, “Pulbic key cryptography for cross-realm authentication in kerberos”, Internet draft, May 2001.

    Google Scholar 

  11. J. Katz, R. Ostrovsky and M. Yung, “Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords”, Eurocrypt’01, LNCS Vol. 2045, pp. 475–494, Springer-Verlag, 2001.

    Google Scholar 

  12. S. Lucks, “Open key exchange: How to defeat dictionary attacks without encryting public keys”, The security Protocol Workshop’ 97, pp. 79–90, 1997.

    Google Scholar 

  13. M. Steiner, G. Tsudik, and M. Waider, “Refinement and extension of encrypted key exchange”, A CM Operation Sys. Review, Vol. 29, No. 3, pp. 22–30, 1995.

    Article  Google Scholar 

  14. S. P. Miller, B. C. Neuman, J. I. Schiller, J. H. Saltzer, “Kerberos Authentication and Authorization System”, Section E.2.1, Project Athena Technical Plan, M.I.T. October 1988.

    Google Scholar 

  15. T. Wu, “Secure Remote Password Protocol”, In Proceedings of the Internet Society Network and Distributed System Security Symposium, pp. 97–111, 1998.

    Google Scholar 

  16. T. Wu, “A Real-World Analysis of Kerberos Password Security”, In Proceedings of the Internet Society Network and Distributed System Security Symposium, 1999.

    Google Scholar 

  17. V. Varadharajan and Y. Mu, “On the Design of Security Protocols for Mobile Communications”, In Proceedings of Twelfth Annual Computer Security Applications Conference, pp. 78–87. IEEE Computer Society Press, 1996.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Center for Information Security Technologies(CIST), Korea University, Anam Dong, Sungbuk Gu, Seoul, Korea

    Jin Wook Byun, Ik Rae Jeong & Dong Hoon Lee

  2. Division of Computer Science & Electronics, Dankook University, Cheonan, Korea

    Chang-Seop Park

Authors
  1. Jin Wook Byun
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ik Rae Jeong
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Dong Hoon Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Chang-Seop Park
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Labs for Information Technology, 21 Heng Mui Keng Terrace, Singapore, 119613

    Robert Deng , Feng Bao  & Jianying Zhou ,  & 

  2. Engineering Research Center for Information Security Technology, Chinese Academy of Sciences, P.O. Box 8718, Beijing, 100080, China

    Sihan Qing

Rights and permissions

Reprints and permissions

Copyright information

© 2002 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Byun, J.W., Jeong, I.R., Lee, D.H., Park, CS. (2002). Password-Authenticated Key Exchange between Clients with Different Passwords. In: Deng, R., Bao, F., Zhou, J., Qing, S. (eds) Information and Communications Security. ICICS 2002. Lecture Notes in Computer Science, vol 2513. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36159-6_12

Download citation

  • DOI: https://doi.org/10.1007/3-540-36159-6_12

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-00164-5

  • Online ISBN: 978-3-540-36159-6

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation