Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to main content
Springer Nature Link
Log in

Efficient and Provably Secure Client-to-Client Password-Based Key Exchange Protocol

  • Conference paper
Frontiers of WWW Research and Development - APWeb 2006 (APWeb 2006)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 3841))

Included in the following conference series:

Abstract

We study client-to-client password-authenticated key exchange (C2C-PAKE) enabling two clients in different realms to agree on a common session key using different passwords. Byun et al. first presented C2C-PAKE schemes under the cross-realm setting. However, the schemes were not formally treated, and subsequently found to be flawed. In addition, in the schemes, there are still rooms for improvements both in computational and communicational aspects. In this paper we suggest an efficient C2C-PAKE (EC2C-PAKE) protocol, and prove that EC2C-PAKE protocol is secure under the decisional Diffie-Hellman assumption in the ideal cipher and random oracle models.

This research was supported by the MIC(Ministry of Information and Communication), Korea, under the ITRC(Information Technology Research Center) support program supervised by the IITA(Institute of Information Technology Assessment).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Abdalla, M., Fouque, P., Pointcheval, D.: Password-Based Authenticated Key Exchange in the Three-Party Setting. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 65–84. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  2. Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  3. Bellovin, S., Merrit, M.: Encrypted key exchange: password based protocols secure against dictionary attacks. In: Proceedings of the Symposium on Security and Privacy, pp. 72–84. IEEE, Los Alamitos (1992)

    Chapter  Google Scholar 

  4. Bresson, E., Chevassut, O., Pointcheval, D.: Group diffie-hellman key exchange secure against dictionary attacks. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 497–514. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  5. Boyko, V., MacKenzie, P., Patel, S.: Provably secure password-authenticated key exchange using diffie-hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 156–171. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  6. Byun, J.W., Jeong, I.R., Lee, D.H., Park, C.: Password-authenticated key exchange between clients with different passwords. In: Deng, R.H., Qing, S., Bao, F., Zhou, J. (eds.) ICICS 2002. LNCS, vol. 2513, pp. 134–146. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  7. Byun, J.W., Lee, D.H.: N-party Encrypted Diffie-Hellman Key Exchange Using Different Passwords. In: Ioannidis, J., Keromytis, A.D., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 75–90. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  8. Byun, J.W., Lee, D.H., Lim, J.: Password-Based Group Key Exchange Secure Against Insider Guessing Attacks. In: Hao, Y., Liu, J., Wang, Y.-P., Cheung, Y.-m., Yin, H., Jiao, L., Ma, J., Jiao, Y.-C. (eds.) CIS 2005. LNCS (LNAI), vol. 3802, pp. 143–148. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  9. Byun, J.W., Lee, D.H., Lim, J.: Efficient and Provably Secure Client-to-Client Password-based Key Exchange Protocol, A full paper is availabe at, http://cist.korea.ac.kr , http://cist.korea.ac.kr/~byunstar

  10. Chen, L.: A weakness of the password-authenticated key agreement between clients with different passwords scheme. ISO/IEC JTC 1/SC27 N3716

    Google Scholar 

  11. Katz, J., Ostrovsky, R., Yung, M.: Efficient password-authenticated key exchange using uuman-memorable passwords. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 475–494. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  12. Kim, J., Kim, S., Kwak, J., Won, D.: Cryptoanalysis and improvements of password authenticated key exchange scheme between clients with different passwords. In: Laganá, A., Gavrilova, M.L., Kumar, V., Mun, Y., Tan, C.J.K., Gervasi, O. (eds.) ICCSA 2004. LNCS, vol. 3044, pp. 895–902. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  13. Koo, J.H., Lee, D.H.: Secure Password Pocket for Distributed Web Services. In: Jin, H., Reed, D., Jiang, W. (eds.) NPC 2005. LNCS, vol. 3779, pp. 327–334. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  14. Lin, C., Sun, H., Hwang, T.: Three-party encrypted key exchange: attacks and a solution. ACM Operating Systems Review 34(4), 12–20 (2000)

    Article  Google Scholar 

  15. Lin, C., Sun, H., Steiner, M., Hwang, T.: Three-party encrypted key exchange without server public-keys. IEEE Communications Letters 5(12), 497–499 (2001)

    Article  Google Scholar 

  16. Phan, R.C.-W., Goi, B.: Cryptanalysis of an Improved Client-to-Client Password-Authenticated Key Exchange (C2C-PAKE) Scheme. In: Ioannidis, J., Keromytis, A.D., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 33–39. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  17. Steiner, M., Tsudik, G., Waider, M.: Refinement and extension of encrypted key exchange. ACM Operation Sys. Review 29(3), 22–30 (1995)

    Article  Google Scholar 

  18. Wang, S., Wang, J., Xu, M.: Weakness of a password-authenticated key exchange protocol between clients with different passwords. In: Jakobsson, M., Yung, M., Zhou, J. (eds.) ACNS 2004. LNCS, vol. 3089, pp. 414–425. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  19. Wu, T.: Secure remote password protocol. In: Proceedings of the Internet Society Network and Distributed System Security Symposium, pp. 97–111 (1998)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Center for Information Security Technologies (CIST), Korea University, Anam Dong, Sungbuk Gu, Seoul, Korea

    Jin Wook Byun, Dong Hoon Lee & Jong-in Lim

Authors
  1. Jin Wook Byun
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Dong Hoon Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jong-in Lim
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. School of ITEE, The University of Queensland, Australia

    Xiaofang Zhou

  2. School of Computer Science and Technology, Heilongjiang University, China

    Jianzhong Li

  3. School of Information Technology and Electrical Engineering, The University of Queensland, Brisbane, QLD, Australia

    Heng Tao Shen

  4. Institute of Industrial Science, The University of Tokyo, 4-6-1 Komaba, Meguro-ku, 153-8505, Tokyo, Japan

    Masaru Kitsuregawa

  5. Victoria University, Australia

    Yanchun Zhang

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Byun, J.W., Lee, D.H., Lim, Ji. (2006). Efficient and Provably Secure Client-to-Client Password-Based Key Exchange Protocol. In: Zhou, X., Li, J., Shen, H.T., Kitsuregawa, M., Zhang, Y. (eds) Frontiers of WWW Research and Development - APWeb 2006. APWeb 2006. Lecture Notes in Computer Science, vol 3841. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11610113_81

Download citation

  • DOI: https://doi.org/10.1007/11610113_81

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-31142-3

  • Online ISBN: 978-3-540-32437-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation