Password-Based Authenticated Key Exchange in the Three-Party Setting
نویسندگان
چکیده
Password-based authenticated key exchange are protocols which are designed to be secure even when the secret key or password shared between two users is drawn from a small set of values. Due to the low entropy of passwords, such protocols are always subject to online guessing attacks. In these attacks, the adversary may succeed with non-negligible probability by guessing the password shared between two users during its on-line attempt to impersonate one of these users. The main goal of password-based authenticated key exchange protocols is to restrict the adversary to this case only. In this paper, we consider password-based authenticated key exchange in the three-party scenario, in which the users trying to establish a secret do not share a password between themselves but only with a trusted server. Towards our goal, we recall some of the existing security notions for password-based authenticated key exchange protocols and introduce new ones that are more suitable to the case of generic constructions. We then present a natural generic construction of a three-party protocol, based on any two-party authenticated key exchange protocol, and prove its security without making use of the Random Oracle model. To the best of our knowledge, the new protocol is the first provably-secure password-based protocol in the three-party setting.
منابع مشابه
Efficient verifier-based password-authenticated key exchange in the three-party setting
In the last few years, researchers have extensively studied the password-authenticated key exchange (PAKE) in the three-party setting. The fundamental security goal of PAKE is security against dictionary attacks. The protocols for verifier-based PAKE are additionally required to be secure against server compromise. Some verifier-based PAKE schemes in the three-party setting have been suggested ...
متن کاملInteractive Diffie-Hellman Assumptions with Applications to Password-Based Authentication
The area of password-based authenticated key exchange protocols has been the subject of a vast amount of work in the last few years due to its practical aspects. In these protocols, the goal is to enable users communicating over an unreliable channel to establish a secure session key even when the secret key that they share is drawn from a small set of values. Despite the attention given to it,...
متن کاملTwo-Round Password-Only Authenticated Key Exchange in the Three-Party Setting
We present the first provably-secure three-party password-only authenticated key exchange (PAKE) protocol that can run in only two communication rounds. Our protocol is generic in the sense that it can be constructed from any two-party PAKE protocol. The protocol is proven secure in a variant of the widely-accepted model of Bellare, Pointcheval and Rogaway (2000) without any idealized assumptio...
متن کاملSecurity Analysis and Enhancements of Verifier-Based Password-Authenticated Key Exchange Protocols in the Three-Party Setting
This paper investigates verifier-based password authenticated key exchange (PAKE) protocols in the three party setting. We first show that the protocol recently proposed by Li et al. is vulnerable to off-line dictionary attack and unknown key-share attack. Moreover, we also show that the direct elliptic curve (EC) analog of the DL based protocol proposed by Kwon et al. can’t resist the off-line...
متن کاملAtLast: Another Three-party Lattice-based PAKE Scheme
Password-based Authenticated Key Exchange (PAKE) protocol assumes that the parties share a low-entropy, easy-to-remember password to achieve the authentication with a high-entropy session key. PAKE protocols can be employed to hand-held devices for access control of sensitive personal data remotely. For communication with more than one user, the user needs to remember all passwords between othe...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2004 شماره
صفحات -
تاریخ انتشار 2004