Efficient two-server password-only authenticated key exchange

IEEE Transactions on Parallel and Distributed Systems

Volumn 24, Issue 9, 2013, Pages 1773-1782

  Yi, Xun ^a   Ling, San ^b   Wang, Huaxiong ^b  

^a VICTORIA UNIVERSITY   (Australia)

^b NANYANG TECHNOLOGICAL UNIVERSITY   (Singapore)

Author keywords

dictionary attack; Diffie Hellman key exchange; ElGamal encryption; Password authenticated key exchange

Indexed keywords

AUTHENTICATED KEY EXCHANGE; DICTIONARY ATTACK; DIFFIE-HELLMAN KEY EXCHANGE; ELGAMAL ENCRYPTION; PARALLEL COMPUTATION; PASSWORD AUTHENTICATED KEY EXCHANGES (PAKE); PASSWORD-AUTHENTICATED KEY EXCHANGE; SYMMETRIC SOLUTION;

PERSONAL COMPUTING; PUBLIC KEY CRYPTOGRAPHY;

AUTHENTICATION;

EID: 84881079256     PISSN: 10459219     EISSN: None     Source Type: Journal    
DOI: 10.1109/TPDS.2012.282     Document Type: Article

References (34)

1. M. Abdalla and D. Pointcheval, "Simple Password-Based Encrypted Key Exchange Protocols," Proc. Int'l Conf. Topics in Cryptology (CT-RSA), pp. 191-208, 2005. (Pubitemid 41231212)
2. M. Abdalla, O. Chevassut, and D. Pointcheval, "One-Time Verifier-Based Encrypted Key Exchange," Proc. Eighth Int'l Conf. Theory and Practice in Public Key Cryptography (PKC '05), pp. 47-64, 2005. (Pubitemid 41231325)
3. M. Bellare, D. Pointcheval, and P. Rogaway, "Authenticated Key Exchange Secure against Dictionary Attacks," Proc. 19th Int'l Conf. Theory and Application of Cryptographic Techniques (Eurocrypt '00), pp. 139-155, 2000.
4. S. Bellovin and M. Merritt, "Encrypted Key Exchange: Password- Based Protocol Secure against Dictionary Attack," Proc. IEEE Symp. Research in Security and Privacy, pp. 72-84, 1992. (Pubitemid 23569189)
5. D. Boneh and M. Franklin, "Identity Based Encryption from the Weil Pairing," Proc. 21st Ann. Int'l Cryptology Conf. (Crypto '01), pp. 213-229, 2001. (Pubitemid 33317917)
6. D. Boneh and M. Franklin, "Identity Based Encryption from the Weil Pairing," SIAM J. Computing, vol. 32, no. 3, pp. 586-615, 2003.
7. D. Boneh, "The Decisional Diffie-Hellman Problem," Proc. Third Int'l Algorithmic Number Theory Symp., pp. 241-250, 1998.
8. V. Boyko, P. Mackenzie, and S. Patel, "Provably Secure Password- Authenticated Key Exchange Using Diffie-Hellman," Proc. 19th Int'l Conf. Theory and Application of Cryptographic Techniques (Eurocrypt '00), pp. 156-171, 2000.
9. J. Brainard, A. Jueles, B.S. Kaliski, and M. Szydlo, "A New Two- Server Approach for Authentication with Short Secret," Proc. 12th Conf. USENIX Security Symp., pp. 201-214, 2003.
10. W. Diffie and M.E. Hellman, "New Directions in Cryptography," IEEE Trans. Information Theory, IT-22, no. 6, pp. 644-654, Nov. 1976.
11. M. Di Raimondo and R. Gennaro, "Provably Secure Threshold Password Authenticated Key Exchange," Proc. 22nd Int'l Conf. Theory and Applications of Cryptographic Techniques (Eurocrypt '03), pp. 507-523, 2003.
12. T. ElGamal, "A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms," IEEE Trans. Information Theory, vol. IT-31, no. 4, pp. 469-472, July 1985.
13. W. Ford and B.S. Kaliski Jr., "Server-Assisted Generation of a Strong Secret from a Password," Proc. IEEE Ninth Int'l Workshop Enabling Technologies: Infrastructure for Collaborative Enterprises, pp. 176-180, 2000.
14. O. Goldreich and Y. Lindell, "Session-Key Generation using Human Passwords Only," Proc. 21st Ann. Int'l Cryptology Conf. Advances in Cryptology (Crypto '01), pp. 408-432, 2001. (Pubitemid 33317928)
15. L. Gong, T.M.A. Lomas, R.M. Needham, and J.H. Saltzer, "Protecting Poorly-Chosen Secret from Guessing Attacks," IEEE J. Selected Areas in Comm., vol. 11, no. 5, pp. 648-656, June 1993.
16. S. Halevi and H. Krawczyk, "Public-Key Cryptography and Password Protocols," ACM Trans. Information and System Security, vol. 2, no. 3, pp. 230-268, 1999.
17. D. Jablon, "Password Authentication Using Multiple Servers," Proc. Conf. Topics in Cryptology: The Cryptographer's Track at RSA (RSA-CT '01), pp. 344-360, 2001. (Pubitemid 33255175)
18. H. Jin, D.S. Wong, and Y. Xu, "An Efficient Password-Only Two- Server Authenticated Key Exchange System," Proc. Ninth Int'l Conf. Information and Comm. Security (ICICS '07), pp. 44-56, 2007.
19. J. Katz, R. Ostrovsky, and M. Yung, "Efficient Password- Authenticated Key Exchange Using Human-Memorable Passwords," Proc. Int'l Conf. Theory and Application of Cryptographic Techniques: Advances in Cryptology (Eurocrypt '01), pp. 457-494, 2001.
20. J. Katz, P. MacKenzie, G. Taban, and V. Gligor, "Two-Server Password-Only Authenticated Key Exchange," Proc. Applied Cryptography and Network Security (ACNS '05), pp. 1-16, 2005. (Pubitemid 41422104)
21. J. Katz and M. Yung, "Scalable Protocols for Authenticated Group Key Exchange," Proc. Advances in Cryptology Conf. (Crypto '03), pp. 110-125, 2003. (Pubitemid 137636938)
22. T.M.A. Lomas, L. Gong, J.H. Saltzer, and R.M. Needham, "Reducing Risks from Poorly-Chosen Keys," ACM Operating Systems Rev., vol. 23, no. 5, pp. 14-18, 1989.
23. P. MacKenzie, S. Patel, and R. Swaminathan, "Password-Authenticated Key Exchange Based on RSA," Proc. Sixth Int'l Conf. Theory and Application of Cryptology and Information Security: Advances in Cryptology (Asiacrypt '00), pp. 599-613, 2000.
24. P. Mackenize, T. Shrimpton, and M. Jakobsson, "Threshold Password-Authenticated key Exchange," Proc. 22nd Ann. Int'l Cryptology Conf. (Crypto '02), pp. 385-400, 2002.
25. R. Rivest, A. Shamir, and L. Adleman, "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems," Comm. ACM, vol. 21, no. 2, pp. 120-126, 1978. (Pubitemid 8591219)
26. http://www.schneier.com/blog/archives/2006/12/realworld-passw.html, 2013.
27. M. Szydlo and B. Kaliski, "Proofs for Two-Server Password Authentication," Proc. Int'l Conf. Topics in Cryptology (RSA-CT '05), pp. 227-244, 2005. (Pubitemid 41231214)
28. Y. Tsiounis and M. Yung, "On the Security of ElGamal based Encryption," Proc. First Int'l Workshop Practice and Theory in Public Key Cryptography: Public Key Cryptography (PKC '98), pp. 117-134, 1998.
29. Y. Yang, F. Bao, and R.H. Deng, "A New Architecture for Authentication and Key Exchange Using Password for Federated Enterprise," Proc. 20th IFIP Int'l Information Security Conf. (SEC '05), pp. 95-111, 2005.
30. Y. Yang, R.H. Deng, and F. Bao, "A Practical Password-Based Two-Server Authentication and key Exchange System," IEEE Trans. Dependable and Secure Computing, vol. 3, no. 2, pp. 105-114, Apr.-June 2006.
31. Y. Yang, R.H. Deng, and F. Bao, "Fortifying Password Authentication in Integrated Healthcare Delivery Systems," Proc. ACM Symp. Information, Computer and Comm. Security (ASIACCS '06), pp. 255- 265, 2006.
32. X. Yi, R. Tso, and E. Okamoto, "ID-Based Group Password- Authenticated Key Exchange," Proc. Fourth Int'l Workshop Security: Advances in Information and Computer Security (IWSEC '09), pp. 192- 211, 2009.
33. X. Yi, R. Tso, and E. Okamoto, "Three-Party Password-Authenticated Key Exchange without Random Oracles," Proc. Int'l Conf. Security and Cryptography (SECRYPT '11), pp. 15-24, 2011.
34. X. Yi, R. Tso, and E. Okamoto, "Identity-Based Password- Authenticated Key Exchange for Client/Server Model," Proc. Int'l Conf. Security and Cryptography (SECRYPT '12), pp. 45-54, 2012.