Adam Groce,Jonathan Katz

DOI: https://doi.org/10.1145/1866307.1866365

2010-01-01

Abstract:Protocols for password-based authenticated key exchange (PAKE) allow two users who share only a short, low-entropy password to agree on a cryptographically strong session key. The challenge in designing such protocols is that they must be immune to off-line dictionary attacks in which an eavesdropping adversary exhaustively enumerates the dictionary of likely passwords in an attempt to match a password to the set of observed transcripts. To date, few general frameworks for constructing PAKE protocols in the standard model are known. Here, we abstract and generalize a protocol by Jiang and Gong to give a new methodology for realizing PAKE without random oracles, in the common reference string model. In addition to giving a new approach to the problem, the resulting construction off ers several advantages over prior work. We also describe an extension of our protocol that is secure within the universal composability (UC) framework and, when instantiated using El Gamal encryption, is more efficient than a previous protocol of Canetti et al.

Zhijun Zhang,Pla Information

2010-01-01

Abstract:A group key agreement protocol based on m-tree and DMDH assumption is developed to improve the poor scalability and efficiency of most existing group key agreement protocols in dynamic peer communication.This protocol combined m-tree with DMDH assumption,which key agreement is completed by which all group members agreed on variable m to fix on key tree and selected corresponding multilinear map from cluster of multilinear maps.Meanwhile,it much more applied to LAN and WAN by which communication and computation costs are balanced by variable m.Compared with TGDH and GDH,it made a great progress in security,scalability and efficiency.

Minkyung Park,Eunsang Cho,Ted Taekyoung Kwon

DOI: https://doi.org/10.7840/kics.2015.40.8.1597

2015-08-31

The Journal of Korean Institute of Communications and Information Sciences

Abstract:Password authenticated key exchange (PAKE) is a protocol that a client stores its password to a server, authenticates itself using its password and shares a session key with the server. In multi-server PAKE, a client splits its password and stores them to several servers separately. Unless all the servers are compromised, client's password will not be disclosed in the multi-server setting. In attribute-based encryption (ABE), a sender encrypts a message M using a set of attributes and then a receiver decrypts it using the same set of attributes. In this paper, we introduce multi-server PAKE protocol that utilizes a set of attributes of ABE as a client's password. In the protocol, the client and servers do not need to create additional public/private key pairs because the password is used as a set of public keys. Also, the client and the servers exchange only one round-trip message per server. The protocol is secure against dictionary attacks. We prove our system is secure in a proposed threat model. Finally we show feasibility through evaluating the execution time of the protocol.

English Else

Hu Xiong,Yanan Chen,Zhong Chen,Fagen Li

DOI: https://doi.org/10.2316/Journal.202.2013.1.202-3540

2015-01-01

International Journal of Computers and Applications

Abstract:Three-party password-based authenticated key exchange (3PAKE) protocols allow two users (clients) to establish a session key with the help of an authenticated server over an insecure channel. Owning to the significance in building a secure communication channel, a number of approaches have been suggested over the years. However, the lack of formal security proof is a major issue in the related literature. In this paper, we propose a simple 3PAKE protocol based upon elliptic curve cryptography along with formal security proof under the decisional Diffie-Hellman assumption. Experimental results by using the automated validation of Internet security protocols and applications tool also show that the proposed protocol is secure against various malicious attacks. Compared with previous work, the proposed protocol has lower computation costs and lighter communication loads.

LIAN Huanhuan,HOU Huiying,ZHAO Yunlei

DOI: https://doi.org/10.11959/j.issn.1000−436x.2022062

2022-01-01

Abstract:In view of the fact that server stored the passwords directly in plaintext, there was a risk of server compromise, and two-party PAKE protocol was not suitable for large-scale communication systems, a three-party verifier-based password authenticated key exchange protocol from lattices was proposed.Hashing scheme and zero-knowledge password policy check were combined to realize the generation of verifier and the password checking.A novel verifier-based 3PAKE protocol was constructed by using CCA-secure public-key encryption from lattices, which realized mutual authentication.Security and performance analysis shows that the proposed protocol has better advantages in communication efficiency and security.

María Isabel González Vasco,Angel L. Pérez del Pozo,Claudio Soriente,Maria Isabel Gonzalez Vasco,Angel Perez Del Pozo

DOI: https://doi.org/10.1109/tdsc.2019.2919013

2019-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Anonymous Password-Authenticated Key Exchange ($sf{ APAKE}$APAKE) can be seen as the hybrid offspring of standard key exchange and anonymous password authentication protocols. $sf{ APAKE}$APAKE allows a client holding a low-entropy password to establish a session key with a server, provided that the client's password is in the server's set. Moreover, no information about the password input by the client or the set of valid passwords held by the server should leak to the other party–beyond whether the client's password lies or not in the server's password database. To the best of our knowledge, all $sf{ APAKE}$APAKE proposals to date either assume client storage or force the client to remember the index assigned to its password in the server's database. Furthermore, earlier works either provide only informal definitions or fail in some sense to properly model the primitive. In this paper, we provide a formal security model for $sf{ APAKE}$APAKE, capturing security and ano-ymity provisions for both clients and servers. In addition, we present two $sf{ APAKE}$APAKE protocols that only require clients to remember a password and that attain our sought key secrecy and anonymity guarantees. Our first protocol leverages oblivious pseudo-random functions, while the second one builds upon a special type of identity-based encryption scheme.

computer science, information systems, software engineering, hardware & architecture

XIE Qi,CHEN De-ren,YU Xiu-yuan

IF: 2.034

2010-01-01

Systems Engineering

Abstract:In 2009, Park, et al. proposed an efficient remote user authentication protocol. They claimed that their protocol was the first password and smart card based remote user authentication scheme which can resist the off-line password guessing attack, and had many advantages over existing solutions such as no password tables and timestamp, low communication and computational costs. However, this paper shows that their protocol cannot resist the forgery attack and off-line password guessing attack. To overcome the security weaknesses, two improved schemes based on either nonce or timestamp without affecting the merits of the Park, et al. scheme are proposed. Technical discussions are provided to show that the improved protocol is secure, efficient and practical.

Victor Boyko,Philip MacKenzie,Sarvar Patel

DOI: https://doi.org/10.1007/3-540-45539-6_12

2000-01-01

Abstract:When designing password-authenticated key exchange protocols (as opposed to key exchange protocols authenticated using crypto-graphically secure keys), one must not allow any information to be leaked that would allow verification of the password (a weak shared key), since an attacker who obtains this information may be able to run an off-line dictionary attack to determine the correct password. We present a new protocol called PAK which is the first Diffie-Hellman-based password-authenticated key exchange protocol to provide a formal proof of security (in the random oracle model) against both passive and active adversaries. In addition to the PAK protocol that provides mutual explicit authentication, we also show a more efficient protocol called PPK that is provably secure in the implicit-authentication model. We then extend PAK to a protocol called PAK-X, in which one side (the client) stores a plaintext version of the password, while the other side (the server) only stores a verifier for the password. We formally prove security of PAK-X, even when the server is compromised. Our formal model for password-authenticated key exchange is new, and may be of independent interest.

Kübra Seyhan,Sedat Akleylek

DOI: https://doi.org/10.7717/peerj-cs.1791

2024-01-31

PeerJ Computer Science

Abstract:In this article, we propose a novel bilateral generalization inhomogenous short integer solution (BiGISIS)-based password-authenticated key exchange (PAKE) scheme for post-quantum era security. The hardness assumption of the constructed PAKE is based on newly proposed hard lattice problem, BiGISIS. The main aim of this article is to provide a solution for the post-quantum secure PAKE scheme, which is one of the open problems in the literature. The proposed PAKE is the first BiGISIS-based PAKE that satisfies anonymity and reusable key features. The bilateral-pasteurization (BiP) approach is used to obtain the reusable key, and anonymity is achieved thanks to the additional identity components and hash functions. The reusable key structure reduces the time in the key generation, and anonymity prevents illegal user login attempts. The security analysis is done by following the real-or-random (RoR) model assumptions. As a result of security examinations, perfect forward secrecy (PFS) and integrity are satisfied, and the resistance against eavesdropping, manipulation-based attack (MBA), hash function simulation, impersonation, signal leakage attack (SLA), man-in-the-middle (MitM), known-key security (KKS), and offline password dictionary attack (PDA) is captured. According to the comparison analysis, the proposed PAKE is the first SLA-resistant lattice-based PAKE with reusable key and anonymity properties.

computer science, information systems, artificial intelligence, theory & methods

Xiangyang Wang,Chunxiang Gu,Siqi Lu,Xi Chen

DOI: https://doi.org/10.1117/12.2628502

2022-04-22

Abstract:This paper studies the password-based strong authentication key exchange protocol in the cross-domain scenario, and gives an end-to-end highly secure C2C-PAKE protocol, in which the server shares a password with the client and also has a pair of private/public keys. In contrast, the client has the shared password and the server's public-key. Specifically, we combine the ECQV implicit certificate scheme with the ECDH key exchange protocol to give a highly secure cross-domain protocol. Considering the application of the ECQV implicit certificate scheme in the Internet of Things (IoT), we give an analysis the possibility of the proposed protocol applied in the cross-domain scenario of the IoT. Finally, based on some common attacks, we show a security analysis of our protocol, which achieves perfect forward security and resists dictionary attacks, KCI attacks, replay attacks, Insider-Assisted attacks, and so on.

Hu Xiong,Yanan Chen,Zhi Guan,Zhong Chen

DOI: https://doi.org/10.1016/j.ins.2013.02.004

IF: 8.1

2013-01-01

Information Sciences

Abstract:Three-party password-based authenticated key exchange (3PAKE) protocols allow two users (clients) to establish a session key with the support from an authenticated server over an insecure channel. Several 3PAKE protocols, which do not require server public keys, have been proposed recently. In this paper, we use Chang et al.’s protocol as a case study and demonstrate that all of the 3PAKE protocols without server public keys are not secure against Key Compromise Impersonation (KCI) attack. A detailed analysis of flaw in these protocols has been conducted and we hope that by identifying this design flaw, similar structural mistakes can be avoided in future designs. Furthermore, we propose an improved protocol that remedies the weakness of these protocols and prove its security in a widely accepted model.

Lin Chen,Tongzhou Qu,Anqi Yin

DOI: https://doi.org/10.1007/s11042-023-17984-1

IF: 2.577

2024-01-19

Multimedia Tools and Applications

Abstract:Password-based authentication is one of the most prevailing access control mechanism. Typical password-authenticated key exchange (PAKE) protocols are single-server settings and are therefore vulnerable to server compromise attack. To defend against such attack, multi-server PAKE schemes have been advanced, but most of which are built on non-quantum-secure hardness assumptions. Lattice-based cryptosystems are regarded as the most promising one for post-quantum eara by NIST, while the known multi-server password-based authentication solution over lattices achieves merely key transport and is public key infrastructure (PKI)-based, resulting in low efficiency and poor deployability. In this work, we resort to distributed smooth projective hash function (SPHF) to bridge the gap between multi-server PAKE protocol and quantum-security. We first design an exact SPHF and derive the first distributed SPHF over lattices by leveraging the additive homomorphic property of the strong learning with errors (LWE) problem. In particular, the relevant parameters of the public key encryption (PKE) scheme it predicates on are identified, thus eliminating the influence of incomplete lattice homomorphism on the correctness of our SPHFs. Pertinent lattice-based multi-server PAKE protocols are further proposed on both transparent and non-transparent transmission modes by integrating our distributed SPHF into the multi-server framework of Raimondo and Gennaro (EUROCRYPT'03). Our PAKE constructions are able to resist both quantum and sever compromise attacks as well as avoid the expensive cryptographic primitives, including non-interactive zero knowledge (NIZK) proofs, signature/verification, secret sharing and fully homomorphic encryption. Experimental results demonstrate that our SPHFs and PAKE protocols offer better efficiency.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Chun-Li Lin,Hung-Min Sun,Tzonelih Hwang

DOI: https://doi.org/10.1145/506106.506108

2000-01-01

ACM SIGOPS Operating Systems Review

Abstract:Password-based mechanism is the widely used method for authentication since it allows people to choose their own passwords without any assistant device to generate or store. However, people are used to choose easy-to-remember passwords such that guessing attacks could succeed. In 1992, Bellovin and Merritt proposed Encrypted Key Exchange (EKE) protocols for preventing guessing attacks, in which two communication parties A and B securely share a possibly weak password in advance. In large communication environments, it is inconvenient in key management that every two communication parties mutually share a secret. Three-party EKE protocols, in which all parties (clients) share their secrets with a trusted server only, are more suitable for large communication environments. In 1995, Steiner, Tsudik and Waidner proposed a realization of three-party EKE protocol which is later demonstrated that it is vulnerable to undetectable on-line guessing attacks. In this paper, We will show a new off-line guessing attack on Steiner, Tsudik and Waidners' protocol. Besides, we will also propose a new three-party EKE protocol which not only is secure against both the off-line guessing attack and undetectable on-line guessing attacks but also satisfies the security properties of perfect forward secrecy and known-key security.

Daojing He,Chun Chen,Maode Ma,Sammy Chan,Jiajun Bu

DOI: https://doi.org/10.1002/dac.1355

2011-01-01

International Journal of Communication Systems

Abstract:SUMMARYPassword‐authenticated group key exchange protocols enable communication parties to establish a common secret key (a session key) by only using short secret passwords. Such protocols have been receiving significant attention. This paper shows some security weaknesses in some recently proposed password‐authenticated group key exchange protocols. Furthermore, a secure and efficient password‐authenticated group key exchange protocol in mobile ad hoc networks is proposed. It only requires constant round to generate a group session key under the dynamic scenario. In other words, the overhead of key generation is independent of the size of a total group. Further, the security properties of our protocol are formally validated by a model checking tool called AVISPA. Security and performance analyses show that, compared with other related group key exchange schemes, the proposed protocol is also efficient for real‐world applications in enhancing the security over wireless communications. Copyright © 2011 John Wiley & Sons, Ltd.

Xiaoyan Yang,Han Jiang,Qiuliang Xu,Mengbo Hou,Xiaochao Wei,Minghao Zhao,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1109/trustcom.2016.0124

2016-01-01

Abstract:Anonymous password-based authenticated key exchange (APAKE) protocols are a topic of ongoing research interest. However, the security of existing APAKE protocols is generally provided in the random oracle model, and in these protocols, passwords are stored in cleartext on the server. However, proofs of security in the random oracle model do not necessarily imply security in the real world. Recent high profile incidents also indicate the real risk of a server being compromised and information stored on the server leaked. Verifier-based password-authenticated key exchange (VPAKE) protocols have been identified as a viable solution to overcome such limitations. In this paper, we propose a novel verifier-based anonymous password-authenticated key exchange (VAPAKE) protocol constructed using smooth projective hashing function. The proposed protocol only involves two-round interactions for mutual implicit authentication. We then prove the security of the protocol in the standard model.

Huanhuan Lian,Yafang Yang,Yunlei Zhao

DOI: https://doi.org/10.1109/jiot.2022.3219524

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Password authenticated key exchange (PAKE) allows two parties with a shared password to establish a session key. In order to provide secure and private communication between devices in an Internet of Things (IoT) environment, the PAKE protocol is considered one of the most common and promising security methods. However, many existing PAKE proposals still face challenges in security and efficiency. First, both the terminals of participants may suffer from the compromise attack and precomputation attack, which will lead to the leakage of password. Second, the majority of the existing schemes cannot guarantee participants’ identity privacy. Third, most PAKE protocols are not suitable for IoT devices with limited computing capability because of a large number of exponential and pairing operations. To address these issues, we propose a strong symmetric PAKE protocol for IoT devices, which only requires 3 exponentiations per party. The proposed scheme can protect both parties from compromise and precomputation attacks, in which the password file relies on the identity and random salt. What’s more, our protocol guarantees the identity privacy, that is, the transmitted record and password file will not reveal the identity information. We further present a new security model for our protocol, and prove that the proposed scheme is secure under this model. Finally, we show the practicality of our PAKE via experiments and efficiency analysis.

Jintai Ding,Saed Alsayigh,Jean Lancrenon,R. Saraswathy,Michael Snook

DOI: https://doi.org/10.1007/978-3-319-52153-4_11

2017-01-01

Abstract:Authenticated Key Exchange (AKE) is a cryptographic scheme with the aim to establish a high-entropy and secret session key over a insecure communications network. Password-Authenticated Key Exchange (PAKE) assumes that the parties in play share a simple password, which is cheap and human-memorable and is used to achieve the authentication. PAKEs are practically relevant as these features are extremely appealing in an age where most people access sensitive personal data remotely from more-and-more pervasive hand-held devices. Theoretically, PAKEs allow the secure computation and authentication of a high-entropy piece of data using a low-entropy string as a starting point. In this paper, we apply the recently proposed technique introduced in [19] to construct two lattice-based PAKE protocols enjoying a very simple and elegant design that is an parallel extension of the class of Random Oracle Model (ROM)-based protocols PAK and PPK [13,41], but in the lattice-based setting. The new protocol resembling PAK is three-pass, and provides mutual explicit authentication, while the protocol following the structure of PPK is two-pass, and provides implicit authentication. Our protocols rely on the Ring-Learning-with-Errors (RLWE) assumption, and exploit the additive structure of the underlying ring. They have a comparable level of efficiency to PAK and PPK, which makes them highly attractive. We present a preliminary implementation of our protocols to demonstrate that they are both efficient and practical. We believe they are suitable quantum safe replacements for PAK and PPK.

ZHU Chang-sheng,LIU Peng-hui,WANG Qing-rong,CAO Lai-cheng

DOI: https://doi.org/10.3724/sp.j.1087.2011.01862

2011-01-01

Journal of Computer Applications

Abstract:How to keep mutual anonymity between two entities is one of the critical issues for Trusted Computation(TC).According to the characteristics of TC,an efficient password-based authenticated key exchange scheme was proposed.Adopting threshold cryptography and fuzzy ID set,the scheme achieved mutual anonymity between user and server sharing ID set.On the premise of secure hashing,the analysis and the proving procedure based on the Random Oracle Model(ROM) show this scheme is secure against dictionary attack and resource-depletion DoS(Denial-of-Service) attack under the computational Diffie-Hellman intractability assumption.This scheme effectively preserves the user's privacy and server's privacy,and compared with other schemes such as VIET et al.'s scheme,it is more efficient.

Wenting Li,Ping Wang,Kaitai Liang

DOI: https://doi.org/10.1109/tifs.2022.3214729

IF: 7.231

2023-03-01

IEEE Transactions on Information Forensics and Security

Abstract:Password-only authentication is one of the most popular secure mechanisms for real-world online applications. But it easily suffers from a practical threat - password leakage, incurred by external and internal attackers. The external attacker may compromise the password file stored on the authentication server, and the insider may deliberately steal the passwords or inadvertently leak the passwords. So far, there are two main techniques to address the leakage: Augmented password-authentication key exchange (aPAKE) against insiders and honeyword technique for external attackers. But none of them can resist both attacks. To fill the gap, we propose the notion of honey PAKE (HPAKE) that allows the authentication server to detect the password leakage and achieve the security beyond the traditional bound of aPAKE. Further, we build an HPAKE construction on the top of the honeyword mechanism, honey encryption, and OPAQUE which is a standardized aPAKE. We formally analyze the security of our design, achieving the insider resistance and the password breach detection. We implement our design and deploy it in the real environment. The experimental results show that our protocol only costs 71.27 ms for one complete run, within 20.67 ms on computation and 50.6 ms on communication. This means our design is secure and practical for real-world applications.

computer science, theory & methods,engineering, electrical & electronic

CL Lin,HM Sun,M Steiner,T Hwang

DOI: https://doi.org/10.1016/j.cose.2004.06.007

IF: 5.105

2004-01-01

Computers & Security

Abstract:Three-party key-exchange protocols with password authentication-clients share an easy-to-remember password with a trusted server only-are very suitable for applications requiring secure communications between many light-weight clients (end users); it is simply impractical that every two clients share a common secret. Steiner, Tsudik and Waidner (1995) proposed a realization of such a three-party protocol based on the encrypted key exchange (EKE) protocols. However, their protocol was later demonstrated to be vulnerable to off-line and undetectable on-line guessing attacks. Lin, Sun and Hwang (see ACM Operating Syst. Rev., vol.34, no. 4, p.12-20, 2000) proposed a secure three-party protocol with server public-keys. However, the approach of using server public-keys is not always a satisfactory solution and is impractical for some environments. We propose a secure three-party EKE protocol without server public-keys.