Abstract
Most of password authenticated key agreement protocols have focused on the two-party setting where two communicating parties share a human-memorable password. In this paper, we study password authenticated key agreement in the three-party setting where both communicating parties share respective passwords with a trusted third party rather than themselves. Previous results in this area have lack of security concerns and are never considered in the augmented model which was contrived to resist server compromise. Our contribution is, from the practical perspective, a new three-party password authenticated key agreement protocol that is first designed in the augmented model and very flexible in its message flows.
This study was supported by the grant of the Seoul R&BD Program.
This is a preview of subscription content, log in via an institution to check access.
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Abdalla, M., Fouque, P.-A., Pointcheval, D.: Password-based authenticated key exchange in the three-party setting. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 65–84. Springer, Heidelberg (2005)
Bellovin, S., Merritt, M.: Encrypted key exchange: password-based protocols secure against dictionary attacks. In: IEEE Symposium on Research in Security and Privacy, pp. 72–84. IEEE Computer Society Press, Los Alamitos (1992)
Bellovin, S., Merritt, M.: Augmented encrypted key exchange: a password-based protocol secure against dictionary attacks and password-file compromise. In: ACM Conference on Computer and Communications Security, pp. 244–250. ACM Press, New York (1993)
Bresson, E., Chevassut, O., Pointcheval, D.: Security proofs for an efficient password-based key exchange. In: ACM Conference on Computer Communications Security, ACM Press, New York (2003)
Diffie, W., Hellman, M.: New directions in cryptography. IEEE Trans. on Information Theory 22(6), 644–654 (1976)
IEEE P1363.2, Standard specifications for password-based PKC techniques, http://grouper.ieee.org/groups/1363/
Jablon, D.: Research Papers on Strong Password Authentication, http://www.jablon.org/passwordlinks.html
Kwon, T.: Practical authenticated key agreement using passwords. In: Zhang, K., Zheng, Y. (eds.) ISC 2004. LNCS, vol. 3225, pp. 1–12. Springer, Heidelberg (2004), http://dasan.sejong.ac.kr/~tkwon/amp.html
Lin, C., Sun, H., Hwang, T.: Three-party encrypted key exchange: Attacks and a solution. ACM Operating Systems Review 34(4), 12–20 (2000)
Lin, C., Sun, H., Steiner, M., Hwang, T.: Three-party encrypted key exchange without srever public-keys. IEEE Communications Letters 5(12), 497–499 (2001)
Lomas, M., Gong, L., Saltzer, J., Needham, R.: Reducing risks from poorly chosen keys. In: ACM Symposium on Operating System Principles, pp. 14–18. ACM Press, New York (1989)
Neuman, B.C., Tso, T.: Kerberos: An Authentication Service for Computer Networks. IEEE Communications 32(9), 33–38 (1994)
Steiner, M., Tsudik, G., Waidner, M.: Refinement and extension of Encrypted Key Exchange. ACM Operating Systems Review 29(3), 22–30 (1995)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer Berlin Heidelberg
About this paper
Cite this paper
Kwon, T., Lee, D.H. (2007). Three-Party Password Authenticated Key Agreement Resistant to Server Compromise. In: Lee, J.K., Yi, O., Yung, M. (eds) Information Security Applications. WISA 2006. Lecture Notes in Computer Science, vol 4298. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-71093-6_24
Download citation
DOI: https://doi.org/10.1007/978-3-540-71093-6_24
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-71092-9
Online ISBN: 978-3-540-71093-6
eBook Packages: Computer ScienceComputer Science (R0)