
Provably leakage-resilient three-party password-based authenticated key exchange

  • Ou Ruan
  • Qingping Wang
  • Zihao Wang
Original Research

Abstract

Three-party password-based authenticated key exchange (3PAKE) is an important practical cryptographic primitive in client-client communication environments, where two clients generate a shared secure session key using their human-memorable passwords with a server's help. Many 3PAKE protocols have been proposed, but these protocols are only secure in the traditional model where no leakage attacks exist. In Mobile Internet, wireless network and sensor network environments, 3PAKE systems are very vulnerable to side-channel attacks. It is therefore necessary to design 3PAKE protocols that are secure in leakage environments. However, there is no previous work formalizing a security model for leakage-resilient (LR) 3PAKE or designing LR 3PAKE protocols. In this paper, we first define a continuous after-the-fact LR eCK-security model for 3PAKE and propose an LR 3PAKE protocol, then present a formal security proof in the standard model.

Keywords

Leakage-resilience; Password-based authenticated key exchange; Three-party setting; Provable security

Notes

Acknowledgements

The work was supported by the Natural Science Foundation of Hubei Province of China (No. 2017CFB596) and the Green Industry Technology Leading Project of Hubei University of Technology (No. ZZTS2017006).


Copyright information

© Springer-Verlag GmbH Germany, part of Springer Nature 2017

Authors and Affiliations

  1. School of Computer Science and Technology, Hubei University of Technology, Wuhan, China
