Skip to main content
SpringerLink
Log in

An Efficient and Provably Secure Cross-Realm Client-to-Client Password-Authenticated Key Agreement Protocol with Smart Cards

  • Conference paper
Cryptology and Network Security (CANS 2009)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5888))

Included in the following conference series:

Abstract

Cross-realm client-to-client password-authenticated key agreement (C2C-PAKA) protocols provide an authenticated key exchange between two clients of different realms, who only share their passwords with their own servers. Recently, several such cross-realm C2C-PAKA protocols have been suggested in the private-key (symmetric) setting, but all of these protocols are found to be vulnerable to password-compromise impersonation attacks. In this paper, we propose our innovative C2C- PAKA-SC protocol in which smart cards are first utilized in the cross-realm setting so that it can resist all types of common attacks including password-compromise impersonation attacks and provide improved efficiency. Moveover, we modify the original formal security model to adapt our proposed protocol and present a corresponding security proof.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Byun, J.W., Jeong, I.R., Lee, D.H., Park, C.: Password-authenticated key exchange between clients with different passwords. In: Deng, R.H., Qing, S., Bao, F., Zhou, J. (eds.) ICICS 2002. LNCS, vol. 2513, pp. 134–146. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  2. Chen, L.: A weakness of the password-authenticated key agreement between clients with different passwords scheme, ISO/IEC JTC 1/SC27 N3716

    Google Scholar 

  3. Wang, S., Wang, J., Xu, M.: Weakness of a password-authenticated key exchange protocol between clients with different passwords. In: Jakobsson, M., Yung, M., Zhou, J. (eds.) ACNS 2004. LNCS, vol. 3089, pp. 414–425. Springer, Heidelberg (2004)

    Google Scholar 

  4. Kim, J., Kim, S., Kwak, J., Won, D.: Cryptoanalysis and improvements of password authenticated key exchange scheme between clients with different passwords. In: Laganá, A., Gavrilova, M.L., Kumar, V., Mun, Y., Tan, C.J.K., Gervasi, O. (eds.) ICCSA 2004. LNCS, vol. 3044, pp. 895–902. Springer, Heidelberg (2004)

    Google Scholar 

  5. Phan, R.C.-W., Goi, B.-M.: Cryptanalysis of an improved client-to-client password-authenticated key exchange (C2C-PAKE) scheme. In: Ioannidis, J., Keromytis, A.D., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 33–39. Springer, Heidelberg (2005)

    Google Scholar 

  6. Yoon, E.J., Yoo, K.Y.: A secure password-authenticated key exchange between clients with different passwords. In: Shen, H.T., Li, J., Li, M., Ni, J., Wang, W. (eds.) APWeb Workshops 2006. LNCS, vol. 3842, pp. 659–663. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  7. Byun, J.W., Lee, D.H., Lim, J.I.: EC2C-PAKA: An efficient client-to-client passwordauthenticated key agreement. Information Science 177, 3995–4013 (2007)

    Article  MATH  MathSciNet  Google Scholar 

  8. Yin, Y., Bao, L.: Secure cross-realm C2C-PAKE protocol. In: Batten, L.M., Safavi-Naini, R. (eds.) ACISP 2006. LNCS, vol. 4058, pp. 395–406. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  9. Phan, R.C.-W., Goi, B.-M.: Cryptanalysis of two provably secure cross-realm C2C-PAKE protocols. In: Barua, R., Lange, T. (eds.) INDOCRYPT 2006. LNCS, vol. 4329, pp. 104–117. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  10. Feng, D.G., Xu, J.: A New Client-to-Client Password-Authenticated Key Agreement Protocol. In: Chee, Y.M., Li, C., Ling, S., Wang, H., Xing, C. (eds.) Proc. IWCC 2009. LNCS, vol. 5557, pp. 63–76. Springer, Heidelberg (2009)

    Google Scholar 

  11. Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  12. Abdalla, M., Pointcheval, D.: Interactive diffie-hellman assumptions with applications to password-based authentication. In: S. Patrick, A., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 341–356. Springer, Heidelberg (2005)

    Google Scholar 

  13. Abdalla, M., Fouque, P., Pointcheval, D.: Password-based authenticated key exchange in the three-party setting. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 65–84. Springer, Heidelberg (2005)

    Google Scholar 

  14. Lin, C., Sun, H., Steiner, M., Hwang, T.: Three-party encrypted key exchange without server public-keys. IEEE Communications Letters 5(12), 497–499 (2001)

    Article  Google Scholar 

  15. Yang, G., Wong, D.S., Wang, H., Deng, X.: Two-factor mutual authentication based on smart cards and passwords. J. Comput. System Sci. 74, 1160–1172 (2008)

    Article  MATH  MathSciNet  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. State Key Laboratory of Information Security, Graduate University of Chinese Academy of Sciences, Beijing, P.R. China

    Wenting Jin

  2. State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing, P.R. China

    Jing Xu

Authors
  1. Wenting Jin
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jing Xu
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. AT&T Labs Research, Florham Park, NJ, USA

    Juan A. Garay

  2. Japan Advanced Institute of Science and Technology (JAIST), Nomi, Ishikawa, Japan

    Atsuko Miyaji

  3. National Institute of Advanced Industrial Science and Technoloy (AIST), Tokyo, Japan

    Akira Otsuka

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Jin, W., Xu, J. (2009). An Efficient and Provably Secure Cross-Realm Client-to-Client Password-Authenticated Key Agreement Protocol with Smart Cards. In: Garay, J.A., Miyaji, A., Otsuka, A. (eds) Cryptology and Network Security. CANS 2009. Lecture Notes in Computer Science, vol 5888. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10433-6_20

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-10433-6_20

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-10432-9

  • Online ISBN: 978-3-642-10433-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation