DOI QR코드

DOI QR Code

Practical Password-Authenticated Three-Party Key Exchange

  • Kwon, Jeong-Ok (Graduate School of Information Management & Security, Korea University) ;
  • Jeong, Ik-Rae (Graduate School of Information Management & Security, Korea University) ;
  • Lee, Dong-Hoon (Graduate School of Information Management & Security, Korea University)
  • Published : 2008.12.25

Abstract

Password-based authentication key exchange (PAKE) protocols in the literature typically assume a password that is shared between a client and a server. PAKE has been applied in various environments, especially in the “client-server” applications of remotely accessed systems, such as e-banking. With the rapid developments in modern communication environments, such as ad-hoc networks and ubiquitous computing, it is customary to construct a secure peer-to-peer channel, which is quite a different paradigm from existing paradigms. In such a peer-to-peer channel, it would be much more common for users to not share a password with others. In this paper, we consider password-based authentication key exchange in the three-party setting, where two users do not share a password between themselves but only with one server. The users make a session-key by using their different passwords with the help of the server. We propose an efficient password-based authentication key exchange protocol with different passwords that achieves forward secrecy in the standard model. The protocol requires parties to only memorize human-memorable passwords; all other information that is necessary to run the protocol is made public. The protocol is also light-weighted, i.e., it requires only three rounds and four modular exponentiations per user. In fact, this amount of computation and the number of rounds are comparable to the most efficient password-based authentication key exchange protocol in the random-oracle model. The dispensation of random oracles in the protocol does not require the security of any expensive signature schemes or zero-knowlegde proofs.

Keywords

Cited by

  1. A lightweight intrusion detection framework for wireless sensor networks vol.10, pp.4, 2008, https://doi.org/10.1002/wcm.785
  2. Multi-party Password-Authenticated Key Exchange Scheme with Privacy Preservation for Mobile Environment vol.9, pp.12, 2008, https://doi.org/10.3837/tiis.2015.12.022