Password-Only Authenticated Three-Party Key Exchange with Provable Security in the Standard Model

Protocols for password-only authenticated key exchange (PAKE) in the three-party setting allow two clients registered with the same authentication server to derive a common secret key from their individual password shared with the server. Existing three-party PAKE protocols were proven secure under...

Full description

Saved in:
Bibliographic Details
Published in:TheScientificWorld 2014-01, Vol.2014 (2014), p.1-11
Main Authors: Paik, Juryon, Kim, Jinsoo, Kang, Hyun-Kyu, Kim, Junghwan, Choo, Kim-Kwang Raymond, Nam, Junghyun, Won, Dongho
Format: Article
Language:English
Subjects:
Access control (Computers)
Algorithms
Computer engineering
Computer Security
Conflicts of interest
Cybersecurity
Data security
Design
Game Theory
Information Storage and Retrieval - methods
Methods
Network security
Protocol
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
cited_by cdi_FETCH-LOGICAL-c572t-6725be4517f8411d0a017546c53be757ff7197bb2d3e724b2d2e7251e63136753
cites cdi_FETCH-LOGICAL-c572t-6725be4517f8411d0a017546c53be757ff7197bb2d3e724b2d2e7251e63136753
container_end_page 11
container_issue 2014
container_start_page 1
container_title TheScientificWorld
container_volume 2014
creator Paik, Juryon
Kim, Jinsoo
Kang, Hyun-Kyu
Kim, Junghwan
Choo, Kim-Kwang Raymond
Nam, Junghyun
Won, Dongho
description Protocols for password-only authenticated key exchange (PAKE) in the three-party setting allow two clients registered with the same authentication server to derive a common secret key from their individual password shared with the server. Existing three-party PAKE protocols were proven secure under the assumption of the existence of random oracles or in a model that does not consider insider attacks. Therefore, these protocols may turn out to be insecure when the random oracle is instantiated with a particular hash function or an insider attack is mounted against the partner client. The contribution of this paper is to present the first three-party PAKE protocol whose security is proven without any idealized assumptions in a model that captures insider attacks. The proof model we use is a variant of the indistinguishability-based model of Bellare, Pointcheval, and Rogaway (2000), which is one of the most widely accepted models for security analysis of password-based key exchange protocols. We demonstrated that our protocol achieves not only the typical indistinguishability-based security of session keys but also the password security against undetectable online dictionary attacks.
doi_str_mv 10.1155/2014/825072
format article
fullrecord <record><control><sourceid>gale_doaj_</sourceid><recordid>TN_cdi_doaj_primary_oai_doaj_org_article_9905b5610b8f4eeebf5ba738c79454b5</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><galeid>A413713192</galeid><doaj_id>oai_doaj_org_article_9905b5610b8f4eeebf5ba738c79454b5</doaj_id><sourcerecordid>A413713192</sourcerecordid><originalsourceid>FETCH-LOGICAL-c572t-6725be4517f8411d0a017546c53be757ff7197bb2d3e724b2d2e7251e63136753</originalsourceid><addsrcrecordid>eNqNkkFv1DAQhSMEotvCiTuKxAWB0npsT7y5IK2qAhVFXalF4mY5zmTjVTYuTtLt_nu8pFQtJ-TDSONvnmfGL0neADsGQDzhDOTJnCNT_FkyAxQqU1L-fJ7MuMA8y0Gyg-Sw79eMibkCfJkccFkoxXkxS8zS9P3Whyq77NpduhiHhrrBWTNQlV43gShbmjDs0m-0S8_ubGO6FaVbNzTpMvhbU7aUXpEdg4uM69JYnl4NpqtMqNLvvqL2VfKiNm1Pr-_jUfLj89n16dfs4vLL-eniIrOo-JDlimNJEkHVcwlQMcNAocwtipIUqrpWUKiy5JUgxWWMPEYEygWIXKE4Ss4n3cqbtb4JbmPCTnvj9J-EDysdB3G2JV0UDEvMgZXzWhJRWWNplJhbVUiU5V7r06R1M5YbqmxcSTDtE9GnN51r9MrfaslYAcijwPt7geB_jdQPeuN6S21rOvJjrwElZ0wh5hF99w-69mPo4qoileeIgGpPHU_UysQBXFf7-K6Np6KNs76j2sX8QoJQIKDYd_BxKrDB932g-qF7YHrvG733jZ58E-m3jwd-YP8aJQIfJqBx8W-37v_UKCJUm0cwAgchfgMCedJW</addsrcrecordid><sourcetype>Open Website</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>1566551576</pqid></control><display><type>article</type><title>Password-Only Authenticated Three-Party Key Exchange with Provable Security in the Standard Model</title><source>Open Access: PubMed Central</source><source>Publicly Available Content Database</source><source>Wiley-Blackwell Open Access Titles(OpenAccess)</source><creator>Paik, Juryon ; Kim, Jinsoo ; Kang, Hyun-Kyu ; Kim, Junghwan ; Choo, Kim-Kwang Raymond ; Nam, Junghyun ; Won, Dongho</creator><contributor>Cao, T. ; Yu, F. ; Ivanovic, M.</contributor><creatorcontrib>Paik, Juryon ; Kim, Jinsoo ; Kang, Hyun-Kyu ; Kim, Junghwan ; Choo, Kim-Kwang Raymond ; Nam, Junghyun ; Won, Dongho ; Cao, T. ; Yu, F. ; Ivanovic, M.</creatorcontrib><description>Protocols for password-only authenticated key exchange (PAKE) in the three-party setting allow two clients registered with the same authentication server to derive a common secret key from their individual password shared with the server. Existing three-party PAKE protocols were proven secure under the assumption of the existence of random oracles or in a model that does not consider insider attacks. Therefore, these protocols may turn out to be insecure when the random oracle is instantiated with a particular hash function or an insider attack is mounted against the partner client. The contribution of this paper is to present the first three-party PAKE protocol whose security is proven without any idealized assumptions in a model that captures insider attacks. The proof model we use is a variant of the indistinguishability-based model of Bellare, Pointcheval, and Rogaway (2000), which is one of the most widely accepted models for security analysis of password-based key exchange protocols. We demonstrated that our protocol achieves not only the typical indistinguishability-based security of session keys but also the password security against undetectable online dictionary attacks.</description><identifier>ISSN: 2356-6140</identifier><identifier>ISSN: 1537-744X</identifier><identifier>EISSN: 1537-744X</identifier><identifier>DOI: 10.1155/2014/825072</identifier><identifier>PMID: 24977229</identifier><language>eng</language><publisher>Cairo, Egypt: Hindawi Publishing Corporation</publisher><subject>Access control (Computers) ; Algorithms ; Computer engineering ; Computer Security ; Conflicts of interest ; Cybersecurity ; Data security ; Design ; Game Theory ; Information Storage and Retrieval - methods ; Methods ; Network security ; Protocol</subject><ispartof>TheScientificWorld, 2014-01, Vol.2014 (2014), p.1-11</ispartof><rights>Copyright © 2014 Junghyun Nam et al.</rights><rights>COPYRIGHT 2014 John Wiley &amp; Sons, Inc.</rights><rights>Copyright © 2014 Junghyun Nam et al. Junghyun Nam et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.</rights><rights>Copyright © 2014 Junghyun Nam et al. 2014</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c572t-6725be4517f8411d0a017546c53be757ff7197bb2d3e724b2d2e7251e63136753</citedby><cites>FETCH-LOGICAL-c572t-6725be4517f8411d0a017546c53be757ff7197bb2d3e724b2d2e7251e63136753</cites><orcidid>0000-0002-5208-1338 ; 0000-0001-9208-5336</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktopdf>$$Uhttps://www.proquest.com/docview/1566551576/fulltextPDF?pq-origsite=primo$$EPDF$$P50$$Gproquest$$Hfree_for_read</linktopdf><linktohtml>$$Uhttps://www.proquest.com/docview/1566551576?pq-origsite=primo$$EHTML$$P50$$Gproquest$$Hfree_for_read</linktohtml><link.rule.ids>230,314,727,780,784,885,25753,27924,27925,37012,37013,44590,53791,53793,75126</link.rule.ids><backlink>$$Uhttps://www.ncbi.nlm.nih.gov/pubmed/24977229$$D View this record in MEDLINE/PubMed$$Hfree_for_read</backlink></links><search><contributor>Cao, T.</contributor><contributor>Yu, F.</contributor><contributor>Ivanovic, M.</contributor><creatorcontrib>Paik, Juryon</creatorcontrib><creatorcontrib>Kim, Jinsoo</creatorcontrib><creatorcontrib>Kang, Hyun-Kyu</creatorcontrib><creatorcontrib>Kim, Junghwan</creatorcontrib><creatorcontrib>Choo, Kim-Kwang Raymond</creatorcontrib><creatorcontrib>Nam, Junghyun</creatorcontrib><creatorcontrib>Won, Dongho</creatorcontrib><title>Password-Only Authenticated Three-Party Key Exchange with Provable Security in the Standard Model</title><title>TheScientificWorld</title><addtitle>ScientificWorldJournal</addtitle><description>Protocols for password-only authenticated key exchange (PAKE) in the three-party setting allow two clients registered with the same authentication server to derive a common secret key from their individual password shared with the server. Existing three-party PAKE protocols were proven secure under the assumption of the existence of random oracles or in a model that does not consider insider attacks. Therefore, these protocols may turn out to be insecure when the random oracle is instantiated with a particular hash function or an insider attack is mounted against the partner client. The contribution of this paper is to present the first three-party PAKE protocol whose security is proven without any idealized assumptions in a model that captures insider attacks. The proof model we use is a variant of the indistinguishability-based model of Bellare, Pointcheval, and Rogaway (2000), which is one of the most widely accepted models for security analysis of password-based key exchange protocols. We demonstrated that our protocol achieves not only the typical indistinguishability-based security of session keys but also the password security against undetectable online dictionary attacks.</description><subject>Access control (Computers)</subject><subject>Algorithms</subject><subject>Computer engineering</subject><subject>Computer Security</subject><subject>Conflicts of interest</subject><subject>Cybersecurity</subject><subject>Data security</subject><subject>Design</subject><subject>Game Theory</subject><subject>Information Storage and Retrieval - methods</subject><subject>Methods</subject><subject>Network security</subject><subject>Protocol</subject><issn>2356-6140</issn><issn>1537-744X</issn><issn>1537-744X</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2014</creationdate><recordtype>article</recordtype><sourceid>PIMPY</sourceid><sourceid>DOA</sourceid><recordid>eNqNkkFv1DAQhSMEotvCiTuKxAWB0npsT7y5IK2qAhVFXalF4mY5zmTjVTYuTtLt_nu8pFQtJ-TDSONvnmfGL0neADsGQDzhDOTJnCNT_FkyAxQqU1L-fJ7MuMA8y0Gyg-Sw79eMibkCfJkccFkoxXkxS8zS9P3Whyq77NpduhiHhrrBWTNQlV43gShbmjDs0m-0S8_ubGO6FaVbNzTpMvhbU7aUXpEdg4uM69JYnl4NpqtMqNLvvqL2VfKiNm1Pr-_jUfLj89n16dfs4vLL-eniIrOo-JDlimNJEkHVcwlQMcNAocwtipIUqrpWUKiy5JUgxWWMPEYEygWIXKE4Ss4n3cqbtb4JbmPCTnvj9J-EDysdB3G2JV0UDEvMgZXzWhJRWWNplJhbVUiU5V7r06R1M5YbqmxcSTDtE9GnN51r9MrfaslYAcijwPt7geB_jdQPeuN6S21rOvJjrwElZ0wh5hF99w-69mPo4qoileeIgGpPHU_UysQBXFf7-K6Np6KNs76j2sX8QoJQIKDYd_BxKrDB932g-qF7YHrvG733jZ58E-m3jwd-YP8aJQIfJqBx8W-37v_UKCJUm0cwAgchfgMCedJW</recordid><startdate>20140101</startdate><enddate>20140101</enddate><creator>Paik, Juryon</creator><creator>Kim, Jinsoo</creator><creator>Kang, Hyun-Kyu</creator><creator>Kim, Junghwan</creator><creator>Choo, Kim-Kwang Raymond</creator><creator>Nam, Junghyun</creator><creator>Won, Dongho</creator><general>Hindawi Publishing Corporation</general><general>John Wiley &amp; Sons, Inc</general><general>Hindawi Limited</general><scope>ADJCN</scope><scope>AHFXO</scope><scope>RHU</scope><scope>RHW</scope><scope>RHX</scope><scope>CGR</scope><scope>CUY</scope><scope>CVF</scope><scope>ECM</scope><scope>EIF</scope><scope>NPM</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>3V.</scope><scope>7QP</scope><scope>7TK</scope><scope>7TM</scope><scope>7X2</scope><scope>7X7</scope><scope>7XB</scope><scope>88E</scope><scope>8FD</scope><scope>8FE</scope><scope>8FG</scope><scope>8FH</scope><scope>8FI</scope><scope>8FJ</scope><scope>8FK</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>ARAPS</scope><scope>ATCPS</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BGLVJ</scope><scope>BHPHI</scope><scope>CCPQU</scope><scope>CWDGH</scope><scope>DWQXO</scope><scope>FR3</scope><scope>FYUFA</scope><scope>GHDGH</scope><scope>HCIFZ</scope><scope>K9.</scope><scope>M0K</scope><scope>M0S</scope><scope>M1P</scope><scope>P5Z</scope><scope>P62</scope><scope>P64</scope><scope>PIMPY</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>RC3</scope><scope>7X8</scope><scope>5PM</scope><scope>DOA</scope><orcidid>https://orcid.org/0000-0002-5208-1338</orcidid><orcidid>https://orcid.org/0000-0001-9208-5336</orcidid></search><sort><creationdate>20140101</creationdate><title>Password-Only Authenticated Three-Party Key Exchange with Provable Security in the Standard Model</title><author>Paik, Juryon ; Kim, Jinsoo ; Kang, Hyun-Kyu ; Kim, Junghwan ; Choo, Kim-Kwang Raymond ; Nam, Junghyun ; Won, Dongho</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c572t-6725be4517f8411d0a017546c53be757ff7197bb2d3e724b2d2e7251e63136753</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2014</creationdate><topic>Access control (Computers)</topic><topic>Algorithms</topic><topic>Computer engineering</topic><topic>Computer Security</topic><topic>Conflicts of interest</topic><topic>Cybersecurity</topic><topic>Data security</topic><topic>Design</topic><topic>Game Theory</topic><topic>Information Storage and Retrieval - methods</topic><topic>Methods</topic><topic>Network security</topic><topic>Protocol</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Paik, Juryon</creatorcontrib><creatorcontrib>Kim, Jinsoo</creatorcontrib><creatorcontrib>Kang, Hyun-Kyu</creatorcontrib><creatorcontrib>Kim, Junghwan</creatorcontrib><creatorcontrib>Choo, Kim-Kwang Raymond</creatorcontrib><creatorcontrib>Nam, Junghyun</creatorcontrib><creatorcontrib>Won, Dongho</creatorcontrib><collection>الدوريات العلمية والإحصائية - e-Marefa Academic and Statistical Periodicals</collection><collection>معرفة - المحتوى العربي الأكاديمي المتكامل - e-Marefa Academic Complete</collection><collection>Hindawi Publishing Complete</collection><collection>Hindawi Publishing Subscription Journals</collection><collection>Hindawi Publishing Open Access</collection><collection>Medline</collection><collection>MEDLINE</collection><collection>MEDLINE (Ovid)</collection><collection>MEDLINE</collection><collection>MEDLINE</collection><collection>PubMed</collection><collection>CrossRef</collection><collection>ProQuest Central (Corporate)</collection><collection>Calcium &amp; Calcified Tissue Abstracts</collection><collection>Neurosciences Abstracts</collection><collection>Nucleic Acids Abstracts</collection><collection>Agricultural Science Collection</collection><collection>Health &amp; Medical Complete (ProQuest Database)</collection><collection>ProQuest Central (purchase pre-March 2016)</collection><collection>Medical Database (Alumni Edition)</collection><collection>Technology Research Database</collection><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>ProQuest Natural Science Collection</collection><collection>Hospital Premium Collection</collection><collection>Hospital Premium Collection (Alumni Edition)</collection><collection>ProQuest Central (Alumni) (purchase pre-March 2016)</collection><collection>ProQuest Central (Alumni)</collection><collection>ProQuest Central</collection><collection>Advanced Technologies &amp; Aerospace Collection</collection><collection>Agricultural &amp; Environmental Science Collection</collection><collection>ProQuest Central Essentials</collection><collection>AUTh Library subscriptions: ProQuest Central</collection><collection>Technology Collection</collection><collection>ProQuest Natural Science Collection</collection><collection>ProQuest One Community College</collection><collection>Middle East &amp; Africa Database</collection><collection>ProQuest Central</collection><collection>Engineering Research Database</collection><collection>Health Research Premium Collection</collection><collection>Health Research Premium Collection (Alumni)</collection><collection>SciTech Premium Collection</collection><collection>ProQuest Health &amp; Medical Complete (Alumni)</collection><collection>Agricultural Science Database</collection><collection>Health &amp; Medical Collection (Alumni Edition)</collection><collection>Medical Database</collection><collection>ProQuest advanced technologies &amp; aerospace journals</collection><collection>ProQuest Advanced Technologies &amp; Aerospace Collection</collection><collection>Biotechnology and BioEngineering Abstracts</collection><collection>Publicly Available Content Database</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>Genetics Abstracts</collection><collection>MEDLINE - Academic</collection><collection>PubMed Central (Full Participant titles)</collection><collection>Directory of Open Access Journals</collection><jtitle>TheScientificWorld</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Paik, Juryon</au><au>Kim, Jinsoo</au><au>Kang, Hyun-Kyu</au><au>Kim, Junghwan</au><au>Choo, Kim-Kwang Raymond</au><au>Nam, Junghyun</au><au>Won, Dongho</au><au>Cao, T.</au><au>Yu, F.</au><au>Ivanovic, M.</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Password-Only Authenticated Three-Party Key Exchange with Provable Security in the Standard Model</atitle><jtitle>TheScientificWorld</jtitle><addtitle>ScientificWorldJournal</addtitle><date>2014-01-01</date><risdate>2014</risdate><volume>2014</volume><issue>2014</issue><spage>1</spage><epage>11</epage><pages>1-11</pages><issn>2356-6140</issn><issn>1537-744X</issn><eissn>1537-744X</eissn><abstract>Protocols for password-only authenticated key exchange (PAKE) in the three-party setting allow two clients registered with the same authentication server to derive a common secret key from their individual password shared with the server. Existing three-party PAKE protocols were proven secure under the assumption of the existence of random oracles or in a model that does not consider insider attacks. Therefore, these protocols may turn out to be insecure when the random oracle is instantiated with a particular hash function or an insider attack is mounted against the partner client. The contribution of this paper is to present the first three-party PAKE protocol whose security is proven without any idealized assumptions in a model that captures insider attacks. The proof model we use is a variant of the indistinguishability-based model of Bellare, Pointcheval, and Rogaway (2000), which is one of the most widely accepted models for security analysis of password-based key exchange protocols. We demonstrated that our protocol achieves not only the typical indistinguishability-based security of session keys but also the password security against undetectable online dictionary attacks.</abstract><cop>Cairo, Egypt</cop><pub>Hindawi Publishing Corporation</pub><pmid>24977229</pmid><doi>10.1155/2014/825072</doi><tpages>11</tpages><orcidid>https://orcid.org/0000-0002-5208-1338</orcidid><orcidid>https://orcid.org/0000-0001-9208-5336</orcidid><oa>free_for_read</oa></addata></record>
fulltext fulltext
identifier ISSN: 2356-6140
ispartof TheScientificWorld, 2014-01, Vol.2014 (2014), p.1-11
issn 2356-6140
1537-744X
1537-744X
language eng
recordid cdi_doaj_primary_oai_doaj_org_article_9905b5610b8f4eeebf5ba738c79454b5
source Open Access: PubMed Central; Publicly Available Content Database; Wiley-Blackwell Open Access Titles(OpenAccess)
subjects Access control (Computers)
Algorithms
Computer engineering
Computer Security
Conflicts of interest
Cybersecurity
Data security
Design
Game Theory
Information Storage and Retrieval - methods
Methods
Network security
Protocol
title Password-Only Authenticated Three-Party Key Exchange with Provable Security in the Standard Model
url http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-27T09%3A23%3A46IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-gale_doaj_&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Password-Only%20Authenticated%20Three-Party%20Key%20Exchange%20with%20Provable%20Security%20in%20the%20Standard%20Model&rft.jtitle=TheScientificWorld&rft.au=Paik,%20Juryon&rft.date=2014-01-01&rft.volume=2014&rft.issue=2014&rft.spage=1&rft.epage=11&rft.pages=1-11&rft.issn=2356-6140&rft.eissn=1537-744X&rft_id=info:doi/10.1155/2014/825072&rft_dat=%3Cgale_doaj_%3EA413713192%3C/gale_doaj_%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-c572t-6725be4517f8411d0a017546c53be757ff7197bb2d3e724b2d2e7251e63136753%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=1566551576&rft_id=info:pmid/24977229&rft_galeid=A413713192&rfr_iscdi=true