Three-Party Password Authenticated Key Agreement Resistant to Server Compromise
Most of password authenticated key agreement protocols have focused on the two-party setting where two communicating parties share a human-memorable password. In this paper, we study password authenticated key agreement in the three-party setting where both communicating parties share respective passwords with a trusted third party rather than themselves. Previous results in this area have lack of security concerns and are never considered in the augmented model which was contrived to resist server compromise. Our contribution is, from the practical perspective, a new three-party password authenticated key agreement protocol that is first designed in the augmented model and very flexible in its message flows.
KeywordsModular Exponentiation Mode Protocol Message Block Dictionary Attack Augmented Model
Unable to display preview. Download preview PDF.
- 1.Abdalla, M., Fouque, P.-A., Pointcheval, D.: Password-based authenticated key exchange in the three-party setting. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 65–84. Springer, Heidelberg (2005)Google Scholar
- 4.Bresson, E., Chevassut, O., Pointcheval, D.: Security proofs for an efficient password-based key exchange. In: ACM Conference on Computer Communications Security, ACM Press, New York (2003)Google Scholar
- 6.IEEE P1363.2, Standard specifications for password-based PKC techniques, http://grouper.ieee.org/groups/1363/
- 7.Jablon, D.: Research Papers on Strong Password Authentication, http://www.jablon.org/passwordlinks.html
- 11.Lomas, M., Gong, L., Saltzer, J., Needham, R.: Reducing risks from poorly chosen keys. In: ACM Symposium on Operating System Principles, pp. 14–18. ACM Press, New York (1989)Google Scholar