http://dx.doi.org/10.13089/JKIISC.2004.14.4.75

Security Proof for a Leakage-Resilient Authenticated Key Establishment Protocol  

Shin, Seong-Han (The University of Tokyo)
Kazukuni Kobara (The University of Tokyo)
Hideki Imai (The University of Tokyo)
Abstract
At Asiacrypt 2003, Shin et al. proposed a new class of Authenticated Key Establishment (AKE) protocols named Leakage-Resilient AKE (LR-AKE) [1]. The authenticity of LR-AKE is based on a user's password and his/her stored secrets on both the client side and the server side. In their LR-AKE protocol, no TRM (Tamper Resistant Module) is required, and leakage of the stored secrets from any side does not reveal any critical information on the password. This property is useful when the following situation is considered: (1) stored secrets may leak out; (2) a user communicates with a lot of servers; (3) a user remembers only one password. Other AKE protocols, such as SSL/TLS and SSH (based on PKI), Password-Authenticated Key Exchange (PAKE) and Threshold-PAKE (T-PAKE), do not satisfy that property under the above-mentioned situation, since their stored secrets (or verification data on the password) in either the client or the servers contain enough information to succeed in retrieving the relatively short password with an off-line exhaustive search. As of now, the LR-AKE protocol is the currently known solution. In this paper, we prove the security of the LR-AKE protocol in the standard model. Our security analysis shows that the LR-AKE protocol is provably secure under the assumptions that the DDH (Decisional Diffie-Hellman) problem is hard and MACs are selectively unforgeable against partially chosen message attacks (which is a weaker notion than being existentially unforgeable against chosen message attacks).
Keywords
passwords; on-line and off-line attacks; authenticated key establishment; leakage of stored secrets; DDH problem; standard model;
References
1 S. H. Shin, K. Kobara, and H. Imai, 'Leakage-Resilient Authenticated Key Establishment Protocols', In Proc. of ASIACRYPT 2003, LNCS 2894, pp. 155-172, Springer-Verlag, 2003
2 Phoenix Technologies Inc., 'Research Papers on Strong Password Authentication', available at http://www.integritysciences.com/links.html
3 D. Boneh, 'The Decision Diffie-Hellman problem', In Proc. of the Third Algorithmic Number Theory Symposium, 1998
4 A. Shamir, 'How to Share a Secret', In Proc. of Communications of the ACM, Vol. 22(11), pp. 612-613, 1979
5 M. Bellare and P. Rogaway, 'Entity Authentication and Key Distribution', In Proc. of CRYPTO '93, LNCS 773, pp. 232-249, Springer-Verlag, 1993
6 P. MacKenzie, T. Shrimpton, and M. Jakobsson, 'Threshold Password-Authenticated Key Exchange', In Proc. of CRYPTO 2002, LNCS 2442, pp. 385-400, Springer-Verlag, 2002
7 M. D. Raimondo and R. Gennaro, 'Provably Secure Threshold Password-Authenticated Key Exchange', In Proc. of EUROCRYPT 2003, LNCS 2656, pp. 507-523, Springer-Verlag, 2003
8 M. Bellare, D. Pointcheval, and P. Rogaway, 'Authenticated Key Exchange Secure against Dictionary Attacks', In Proc. of EUROCRYPT 2000, LNCS 1807, pp. 139-155, Springer-Verlag, 2000
9 S. M. Bellovin and M. Merritt, 'Encrypted Key Exchange: Password-based Protocols Secure against Dictionary Attacks', In Proc. of IEEE Symposium on Security and Privacy, pp. 72-84, 1992
10 A. Frier, P. Karlton, and P. Kocher, 'The SSL 3.0 Protocol', Netscape Communications Corp., 1996, available at http://wp.netscape.com/eng/ssl3/
11 IETF (Internet Engineering Task Force), 'Secure Shell (secsh) Charter', available at http://www.ietf.org/html.charters/secsh-charter.html
12 IETF (Internet Engineering Task Force), 'Transport Layer Security (tls) Charter', available at http://www.ietf.org/html.charters/tls-charter.html
13 H. Krawczyk, M. Bellare, and R. Canetti, 'HMAC: Keyed-Hashing for Message Authentication', IETF RFC 2104, 1997, available at http://www.ietf.org/rfc/rfc2104.txt
14 IEEE Std 1363-2000, 'IEEE Standard Specifications for Public Key Cryptography', Main Document, pp. 53-57, IEEE, August 29, 2000
15 M. Naor and M. Yung, 'Universal One-Way Hash Functions and Their Cryptographic Applications', In Proc. of STOC '98, pp. 33-43, 1998
16 IEEE P1363.2, 'Standard Specifications for Password-based Public Key Cryptographic Techniques', Draft version 12, December 9, 2003