Abstract
Authenticated Key Establishment (AKE) protocols enable two entities, say a client (or a user) and a server, to share common session keys in an authenticated way. In this paper, we review AKE protocols from a slightly different point of view, namely the relationship between the information a client needs to possess (for authentication) and the immunity to leakage of the stored secrets held on the client side and on the server side, respectively. Since leakage of stored secrets is more plausible than a break of the underlying cryptosystems, it is desirable to strengthen the immunity to such leakage. First, we categorize AKE protocols according to how much resilience against leakage they provide. Then, we propose new AKE protocols that remain secure under leakage of the stored secrets from the client and from the server (or servers), respectively. Finally, we extend our protocols so that the secret values registered in the server(s), or the password remembered by the client, can be updated.
Keywords
- Secret Sharing Scheme
- Dictionary Attack
- Internet Engineering Task Force
- PAKE Protocol
- Threshold Secret Sharing Scheme
A full version of this paper will appear in the IACR ePrint Archive.
© 2003 Springer-Verlag Berlin Heidelberg
Cite this paper
Shin, S., Kobara, K., Imai, H. (2003). Leakage-Resilient Authenticated Key Establishment Protocols. In: Laih, C.S. (ed.) Advances in Cryptology - ASIACRYPT 2003. Lecture Notes in Computer Science, vol. 2894. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-40061-5_10
DOI: https://doi.org/10.1007/978-3-540-40061-5_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20592-0
Online ISBN: 978-3-540-40061-5