Password-Only Authenticated Three-Party Key Exchange with Provable Security in the Standard ModelReportar como inadecuado

Password-Only Authenticated Three-Party Key Exchange with Provable Security in the Standard Model - Descarga este documento en PDF. Documentación en PDF para descargar gratis. Disponible también para leer online.

The Scientific World Journal - Volume 2014 2014, Article ID 825072, 11 pages -

Research Article

Department of Computer Engineering, Konkuk University, 268 Chungwondaero, Chungju, Chungcheongbukdo 380-701, Republic of Korea

Information Assurance Research Group, Advanced Computing Research Centre, University of South Australia, Mawson Lakes, SA 5095, Australia

Department of Computer Engineering, Sungkyunkwan University, 2066 Seoburo, Suwon, Gyeonggido 440-746, Republic of Korea

Received 23 January 2014; Accepted 27 February 2014; Published 14 April 2014

Academic Editors: T. Cao, M. Ivanovic, and F. Yu

Copyright © 2014 Junghyun Nam et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.


Protocols for password-only authenticated key exchange PAKE in the three-party settingallow two clients registered with the same authentication server to derive a common secret key from their individual password shared with the server. Existing three-party PAKE protocols were proven secure under the assumption of the existence of random oracles or in a model that does not consider insider attacks. Therefore, these protocols may turn out to be insecure when the random oracle is instantiated with a particular hash function or an insider attack is mounted against the partner client. The contribution of this paper is to present the first three-party PAKE protocol whose security is proven without any idealized assumptions in a model that captures insider attacks. The proof model we use is a variant of the indistinguishability-based model of Bellare, Pointcheval, and Rogaway 2000,which is one of the most widely accepted models for security analysis of password-based key exchange protocols. We demonstrated that our protocol achieves not only the typical indistinguishability-based security of session keys but also the password security against undetectable online dictionary attacks.

Autor: Junghyun Nam, Kim-Kwang Raymond Choo, Junghwan Kim, Hyun-Kyu Kang, Jinsoo Kim, Juryon Paik, and Dongho Won



Documentos relacionados