Efficient Two-Server Password-Only Authenticated Key Exchange

Password-authenticated key exchange (PAKE) is where a client and a server, who share a password, authenticate each other and meanwhile establish a cryptographic key by exchange of messages. In this setting, all the passwords necessary to authenticate clients are stored in a single server. If the ser...

Full description

Saved in:
Bibliographic Details
Published in:IEEE transactions on parallel and distributed systems 2013-09, Vol.24 (9), p.1773-1782
Main Authors: Yi, Xun, Ling, San, Wang, Huaxiong
Format: Article
Language:English
Subjects:
Authentication
Dictionaries
dictionary attack
Diffie-Hellman key exchange
ElGamal encryption
Encryption
Password-authenticated key exchange
Protocols
Servers
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Password-authenticated key exchange (PAKE) is where a client and a server, who share a password, authenticate each other and meanwhile establish a cryptographic key by exchange of messages. In this setting, all the passwords necessary to authenticate clients are stored in a single server. If the server is compromised, due to, for example, hacking or even insider attack, passwords stored in the server are all disclosed. In this paper, we consider a scenario where two servers cooperate to authenticate a client and if one server is compromised, the attacker still cannot pretend to be the client with the information from the compromised server. Current solutions for two-server PAKE are either symmetric in the sense that two peer servers equally contribute to the authentication or asymmetric in the sense that one server authenticates the client with the help of another server. This paper presents a symmetric solution for two-server PAKE, where the client can establish different cryptographic keys with the two servers, respectively. Our protocol runs in parallel and is more efficient than existing symmetric two-server PAKE protocol, and even more efficient than existing asymmetric two-server PAKE protocols in terms of parallel computation.
ISSN:1045-9219
1558-2183
DOI:10.1109/TPDS.2012.282