[KSCI] Korea Science Citation Index Service

A Password-based Efficient Key Exchange Protocol

이성운 (경북대학교 컴퓨터공학과)
김현성 (경일대학교 컴퓨터공학)
유기영 (경북대학교 컴퓨터공학과)

Publication Information

Journal of KIISE:Information Networking / v.31, no.4, 2004 , pp. 347-352 More about this Journal

Abstract

In this paper, we propose a new key exchange protocol which authenticates each other and shares a session key between a user and a server over an insecure channel using only a small password. The security of the protocol is based on the difficulty of solving the discrete logarithm problem and the Diffie-Hellman problem and the cryptographic strength of hash function. The protocol is secure against the man-in-the-middle attack, the password guessing attack, the Denning-Sacco attack, and the stolen-verifier attack, and provide the perfect forward secrecy. Furthermore, it is more efficient than other well-known protocols in terms of protocol execution time because it could be executed in parallel and has a simple structure.

Keywords

cryptography; key agreement; key exchange; password; authentication;

Citations & Related Records

Reference

1	T. Wu. 'Secure remote password protocol,' Internet Society Symposium on Network and Distributed System Security, 1998
2	P. MacKenzie, S. Patel, and R. Swaminathan. 'Password-authenticated key exchange based on RSA.' In ASIACRYPT2000
3	M. Bellare and P. Rogaway, 'The AuthA protocol for password-based authenticated key exchange,' Presented to IEEE P1363a, March 2000
4	W. Diffie, M. E. Hellman, 'New directions in cryptography,' IEEE Transactions on Information Theory, Vol.IT-22, No.6, pp.644-654, 1976 DOI
5	D. R. Stinson, Cryptography Theory and Practice, CRC, 1995
6	M. Bellare and P. Rogaway, 'Random oracles are practical: A paradigm for designing efficient protocols,' In ACM security 93, pp.62-73, 1993 DOI
7	M. Bellare and P. Rogaway, 'Entity Authentication and Key Distribution,' Advances in Cryptology-CRYPTO'93, Vol. 773, pp.232-249, 1994
8	IEEE. Standard Specifications for Public Key Cryptography, IEEE1363, 2002
9	V. Boyko, P. MacKenzie and S. Patel. 'Provably Secure Password- Authenticated Key Exchange Using Diffie-Hellman,' Advances in Cryptology-EUROCRYPT'2000, pp. 156-171, 2000
10	T. Kwon. 'Ultimate Solution to Authentication via Memorable Password,' Presented to IEEE P1363a, May 2000
11	D. Jablon. 'Extended password key exchange protocols,' WETICE Workshop on Enterprise Security, 1997

Reference
Cited By KSCI

1	An Implementation and Performance Evaluation of IPsec System engaged IKEv2 Protocol Engine / [Kim, Sung-Chan;Chun, Jun-Ho;Jun, Moon-Seog;] / Journal of the Korea Institute of Information Security & Cryptology
2	An Implementation and Evaluation of Improved Anti-DoS IKE Protocol Engine for Interaction with IPsec System / [Kim, Sung-Chan;Choun, Jun-Ho;Jun, Moon-Seog;] / The Journal of Korean Institute of Communications and Information Sciences
3	A Design of One-time Password Verification System with Enhanced Security Using Certificate / [Kim, Hyun-Chul;Lee, Chang-Soo;Lee, Kyung-Seok;Jun, Moon-Seog;] / The Journal of Korean Institute of Communications and Information Sciences
4	Group Key Generation Scheme using Logical Operation of HashChain and Random Number in Hierarchy Structures / [Kim, Hyun-Chul;Lee, Young-Gu;Kim, Jung-Jae;Lee, Kwang-Hyung;] / Journal of the Korea Academia-Industrial cooperation Society
5	Anonymity Certification Technique of a Smart Card base for Personal Information Protection / [Lee, Kwang-Hyoung;Park, Jeong-Hyo;] / Journal of the Korea Academia-Industrial cooperation Society
6	A Design of Protocol Based on Smartcard for Financial Information to Protect in E-payment System / [Lee, Kwang-Hyoung;Park, Jeong-Hyo;] / Journal of the Korea Academia-Industrial cooperation Society

KSCI

A Password-based Efficient Key Exchange Protocol 패스워드 기반의 효율적인 키 교환 프로토콜

A Password-based Efficient Key Exchange Protocol