Password-Only Authenticated Three-Party Key Exchange with Provable Security in the Standard Model

Protocols for password-only authenticated key exchange (PAKE) in the three-party setting allow two clients registered with the same authentication server to derive a common secret key from their individual password shared with the server. Existing three-party PAKE protocols were proven secure under...

Full description

Saved in:
Bibliographic Details
Published in:TheScientificWorld 2014-01, Vol.2014 (2014), p.1-11
Main Authors: Paik, Juryon, Kim, Jinsoo, Kang, Hyun-Kyu, Kim, Junghwan, Choo, Kim-Kwang Raymond, Nam, Junghyun, Won, Dongho
Format: Article
Language:English
Subjects:
Access control (Computers)
Algorithms
Computer engineering
Computer Security
Conflicts of interest
Cybersecurity
Data security
Design
Game Theory
Information Storage and Retrieval - methods
Methods
Network security
Protocol
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Protocols for password-only authenticated key exchange (PAKE) in the three-party setting allow two clients registered with the same authentication server to derive a common secret key from their individual password shared with the server. Existing three-party PAKE protocols were proven secure under the assumption of the existence of random oracles or in a model that does not consider insider attacks. Therefore, these protocols may turn out to be insecure when the random oracle is instantiated with a particular hash function or an insider attack is mounted against the partner client. The contribution of this paper is to present the first three-party PAKE protocol whose security is proven without any idealized assumptions in a model that captures insider attacks. The proof model we use is a variant of the indistinguishability-based model of Bellare, Pointcheval, and Rogaway (2000), which is one of the most widely accepted models for security analysis of password-based key exchange protocols. We demonstrated that our protocol achieves not only the typical indistinguishability-based security of session keys but also the password security against undetectable online dictionary attacks.
ISSN:2356-6140
1537-744X
1537-744X
DOI:10.1155/2014/825072