
Security Proof for a Leakage-Resilient Authenticated Key Establishment Protocol

  • Published: 2004.08.01

Abstract

At Asiacrypt 2003, Shin et al. proposed a new class of Authenticated Key Establishment (AKE) protocols named Leakage-Resilient AKE (LR-AKE) [1]. The authenticity of LR-AKE is based on a user's password and his/her stored secrets on both the client side and the server side. In their LR-AKE protocol, no TRM (Tamper Resistant Module) is required, and leakage of the stored secrets from one side does not reveal critical information on the password. This property is useful when the following situation is considered: (1) stored secrets may leak out; (2) a user communicates with a lot of servers; (3) a user remembers only one password. The other AKE protocols, such as SSL/TLS and SSH (based on PKI), Password-Authenticated Key Exchange (PAKE) and Threshold-PAKE (T-PAKE), do not satisfy that property under the above-mentioned situation, since their stored secrets (or verification data on the password) in either the client or the servers contain enough information to succeed in retrieving the relatively short password with an off-line exhaustive search. As of now, the LR-AKE protocol is the currently known solution. In this paper, we prove the security of the LR-AKE protocol in the standard model. Our security analysis shows that the LR-AKE protocol is provably secure under the assumptions that the DDH (Decisional Diffie-Hellman) problem is hard and that MACs are selectively unforgeable against partially chosen message attacks (which is a weaker notion than being existentially unforgeable against chosen message attacks).
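An added toy illustration of the storage property the abstract describes, placing the verifier-based case (a leaked verifier lets an off-line dictionary search pin the password down) beside a split-storage case (a leaked server share is explained equally well by every candidate). It is not code from the paper: the split "client keeps a random alpha, server keeps g^(pw+alpha)" is a simplification assumed here and not the LR-AKE protocol itself, and the group (p = 1019, q = 509, g = 4) and the four-entry dictionary are constructed so that the search over Z_q can be exhaustive.

```python
import hashlib
import secrets

# Toy group: safe prime p = 2q + 1, g = 4 generates the order-q subgroup.
# Assumed parameters, chosen small so that Z_q can be searched exhaustively.
P, Q, G = 1019, 509, 4
DICTIONARY = ["hunter2", "letmein", "correct horse", "qwerty"]  # constructed sample list


def pw_to_scalar(password: str) -> int:
    """Map a password into Z_q (a toy encoding, not the paper's)."""
    return int.from_bytes(hashlib.sha256(password.encode()).digest(), "big") % Q


def store_verifier(password: str) -> int:
    """What a verifier-based scheme keeps on the server: g^pw alone."""
    return pow(G, pw_to_scalar(password), P)


def register_split(password: str) -> tuple:
    """Assumed leakage-resilient split: the client keeps a random alpha,
    the server keeps g^(pw + alpha). Neither value alone depends on pw."""
    alpha = secrets.randbelow(Q)
    return alpha, pow(G, (pw_to_scalar(password) + alpha) % Q, P)


def explanations_plain(verifier: int, password: str) -> int:
    """How many ways a candidate password explains a leaked plain verifier (0 or 1)."""
    return 1 if store_verifier(password) == verifier else 0


def explanations_split(server_share: int, password: str) -> int:
    """How many alpha values make a candidate password consistent with a leaked
    server share. Exhaustive over Z_q, which only the toy group size permits."""
    s = pw_to_scalar(password)
    return sum(1 for alpha in range(Q) if pow(G, (s + alpha) % Q, P) == server_share)


def surviving_candidates(leaked: int, explanations) -> list:
    """Dictionary entries still consistent with the leaked value under a model."""
    return [pw for pw in DICTIONARY if explanations(leaked, pw) > 0]


if __name__ == "__main__":
    # Plain verifier: the off-line search over the dictionary isolates the password.
    print(surviving_candidates(store_verifier("letmein"), explanations_plain))
    # Split storage: every dictionary entry explains the leaked share exactly once.
    _, share = register_split("letmein")
    print(surviving_candidates(share, explanations_split))
```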

Keywords

References

  1. S. H. Shin, K. Kobara, and H. Imai, 'Leakage-Resilient Authenticated Key Establishment Protocols', In Proc. of ASIACRYPT 2003, LNCS 2894, pp. 155-172, Springer-Verlag, 2003
  2. IEEE Std 1363-2000, 'IEEE Standard Specifications for Public Key Cryptography', Main Document, pp. 53-57, IEEE, August 29, 2000
  3. IEEE P1363.2, 'Standard Specifications for Password-based Public Key Cryptographic Techniques', Draft version 12, December 9, 2003
  4. S. M. Bellovin and M. Merritt, 'Encrypted Key Exchange: Password-based Protocols Secure against Dictionary Attacks', In Proc. of IEEE Symposium on Security and Privacy, pp. 72-84, 1992
  5. Phoenix Technologies Inc., 'Research Papers on Strong Password Authentication', available at http://www.integritysciences.com/links.html
  6. P. MacKenzie, T. Shrimpton, and M. Jakobsson, 'Threshold Password-Authenticated Key Exchange', In Proc. of CRYPTO 2002, LNCS 2442, pp. 385-400, Springer-Verlag, 2002
  7. M. D. Raimondo and R. Gennaro, 'Provably Secure Threshold Password-Authenticated Key Exchange', In Proc. of EUROCRYPT 2003, LNCS 2656, pp. 507-523, Springer-Verlag, 2003
  8. IETF (Internet Engineering Task Force), 'Secure Shell (secsh) Charter', available at http://www.ietf.org/html.charters/secsh-charter.html
  9. A. Frier, P. Karlton, and P. Kocher, 'The SSL 3.0 Protocol', Netscape Communications Corp., 1996, available at http://wp.netscape.com/eng/ssl3/
  10. IETF (Internet Engineering Task Force), 'Transport Layer Security (tls) Charter', available at http://www.ietf.org/html.charters/tls-charter.html
  11. D. Boneh, 'The Decision Diffie-Hellman Problem', In Proc. of the Third Algorithmic Number Theory Symposium, 1998
  12. A. Shamir, 'How to Share a Secret', Communications of the ACM, Vol. 22(11), pp. 612-613, 1979, https://doi.org/10.1145/359168.359176
  13. M. Bellare, D. Pointcheval, and P. Rogaway, 'Authenticated Key Exchange Secure against Dictionary Attacks', In Proc. of EUROCRYPT 2000, LNCS 1807, pp. 139-155, Springer-Verlag, 2000
  14. M. Bellare and P. Rogaway, 'Entity Authentication and Key Distribution', In Proc. of CRYPTO '93, LNCS 773, pp. 232-249, Springer-Verlag, 1993
  15. M. Naor and M. Yung, 'Universal One-Way Hash Functions and Their Cryptographic Applications', In Proc. of STOC '98, pp. 33-43, 1998
  16. H. Krawczyk, M. Bellare, and R. Canetti, 'HMAC: Keyed-Hashing for Message Authentication', IETF RFC 2104, 1997, available at http://www.ietf.org/rfc/rfc2104.txt