Simple password-based three-party authenticated key exchange without server public keys. (English) Zbl 1192.68076

Summary: Password-based three-party authenticated key exchange protocols are extremely important to secure communications and are now extensively adopted in network communications. These protocols allow users to communicate securely over public networks simply by using easy-to-remember passwords. In considering authentication between a server and user, this study categorizes password-based three-party authenticated key exchange protocols into explicit server authentication and implicit server authentication. The former must achieve mutual authentication between a server and users while executing the protocol, while the latter only achieves authentication among users. This study presents two novel, simple and efficient three-party authenticated key exchange protocols. One protocol provides explicit server authentication, and the other provides implicit server authentication. The proposed protocols do not require server public keys. Additionally, both protocols have been proven secure in the random oracle model. Compared with existing protocols, the proposed protocols are more efficient and provide greater security.

MSC:

68M12 Network protocols
68P25 Data encryption (aspects in computer science)
94A62 Authentication, digital signatures and secret sharing
