Abstract
Key establishment protocols are used for distributing shared keying material in a secure manner. In 1995, Bellare and Rogaway presented a three-party server-based key distribution (3PKD) protocol. But the protocol was recently found insecure and then was fixed by Raymond Choo et al.. But forward-secrecy is not considered in the revised protocol. In this paper, we demonstrate that it is not forward secure indeed. We then revise the protocol to be a password-based authenticated key distribution in the three-party setting and prove our protocol is forward secure in the random-oracle and ideal-cipher models under the Password-based Chosen-basis Gap Diffie-Hellman assumption. Our protocol is quite simple and elegant, and rather efficient when compared to previous solutions.
This work was partially supported by a grant from the National High Technology Research and Development Program of China (863 Program) (No. 2007AA01Z471).
Chapter PDF
Similar content being viewed by others
References
Bellovin, S.M., Merritt, M.: Encrypted key exchange: password-based protocols secure against dictionary attacks. In: Proc. 1992 IEEE Computer Society Symp. on Research in security and Privacy, May 1992, pp. 72–84 (1992)
Byun, J.W., Jeong, I.R., Lee, D.H., Park, C.-S.: Password-authenticated key exchange between clients with different passwords. In: Deng, R.H., Qing, S., Bao, F., Zhou, J. (eds.) ICICS 2002. LNCS, vol. 2513, pp. 134–146. Springer, Heidelberg (2002)
Lin, C.-L., Sun, H.-M., Hwang, T.: Three-party encrypted key exchange: Attacks and a solution. ACM SIGOPS Operating Systems Review 34(4), 12–20 (2000)
Wang, S., Wang, J., Xu, M.: Weaknesses of a password-authenticated key exchange protocol between clients with different passwords. In: Jakobsson, M., Yung, M., Zhou, J. (eds.) ACNS 2004. LNCS, vol. 3089, pp. 414–425. Springer, Heidelberg (2004)
Yeh, H.-T., Sun, H.-M., Hwang, T.: Efficient three-party authentication and key agreement protocols resistant to password guessing attacks. Journal of Information Science and Engineering 19(6), 1059–1070 (2003)
Abdalla, M., Fouque, P.-A., Pointcheval, D.: Password-based authenticated key exchange in the three-party setting. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 65–84. Springer, Heidelberg (2005)
Abdalla, M., Pointcheval, D.: Interactive Diffie-Hellman Assumptions with Applications to Password-based Authentication. In: Patrick, S., Yung, A. (eds.) FC 2005. LNCS, vol. 3570, pp. 341–356. Springer, Heidelberg (2005), http://www.di.ens.fr/~pointche/pub.php
Wen, H.-A., Lee, T.-F., Hwang, T.: Provably secure three-party password-based authenticated key exchange protocol using Weil pairing. IEE Proceedings — Communications 152(2), 138–143 (2005)
Nam, J., Kim, S., Won, D.: Security Weakness in a Three-Party Password-Based Key Exchange Protocol Using Weil Pairing. In: Cryptology ePrint Archive, Report (2005), http://eprint.iacr.org/2005/269.ps
Choo, K.-K.R., Boyd, C., Hitchcock, Y.: Examining Indistinguishability-Based Proof Models for Key Establishment Protocols. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 585–604. Springer, Heidelberg (2005)
Bellare, M., Rogaway, P.: Provably Secure Session Key Distribution: The Three Party Case. In: 27th ACM Symposium on the Theory of Computing, pp. 57–66. ACM Press, New York (1995)
Choo, K.-K.R., Boyd, C., Hitchcock, Y., Maitland, G.: On Session Identifiers in Provably Secure Protocols—The Bellare-Rogaway Three-Party Key Distribution Protocol Revisited. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 352–367. Springer, Heidelberg (2005)
Abdalla, M., Bresson, E., Chevassut, O., Pointcheval, D.: Password-based Group Key Exchange in a Constant Number of Rounds. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 427–442. Springer, Heidelberg (2006)
Bellare, M., Rogaway, P.: Optimal asymmetric encryption: How to encrypt with RSA. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 92–111. Springer, Heidelberg (1995), http://www-cse.ucsd.edu/users/mihir
Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated Key Exchange Secure Against Dictionary Attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)
Bresson, E., Chevassut, O., Pointcheval, D.: New security results on encrypted key exchange. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 145–158. Springer, Heidelberg (2004)
Abdalla, M., Bellare, M., Rogaway, P.: The oracle Diffie-Hellman assumptions and an analysis of DHIES. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 143–158. Springer, Heidelberg (2001)
Okamoto, T., Pointcheval, D.: The Gap-Problems: a New Class of Problems for the Security of Cryptographic Schemes. In: Kim, K.-c. (ed.) PKC 2001. LNCS, vol. 1992. Springer, Heidelberg (2001)
Abdalla, M., Pointcheval, D.: Simple Password-Based Encrypted Key Exchange Protocols. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 191–208. Springer, Heidelberg (2005)
Abdalla, M., Bresson, E., Chevassut, O., Möller, B., Pointcheval, D.: Provably Secure Password-Based Authentication in TLS. In: Proc. of at AsiaCCS 2006, Taipei, Taiwan, March 21-24 (2006)
Ding, Y., Horster, P.: Undetectable On-line Password Guessing Attacks. ACM Operating Systems Review 29(4), 77–86 (1995)
Black, J., Rogaway, P.: Ciphers with Arbitrary Finite Domains (manuscript, 2000)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2008 IFIP International Federation for Information Processing
About this paper
Cite this paper
Wu, S., Zhu, Y. (2008). Forward Secure Password-Based Authenticated Key Distribution in the Three-Party Setting. In: Cao, J., Li, M., Wu, MY., Chen, J. (eds) Network and Parallel Computing. NPC 2008. Lecture Notes in Computer Science, vol 5245. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-88140-7_10
Download citation
DOI: https://doi.org/10.1007/978-3-540-88140-7_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-88139-1
Online ISBN: 978-3-540-88140-7
eBook Packages: Computer ScienceComputer Science (R0)