An efficient and practical threshold gateway-oriented password-authenticated key exchange protocol in the standard model

Abstract

With the assistance of an authentication server, a gateway-oriented password-authenticated key exchange (GPAKE) protocol can establish a common session key shared between a client and a gateway. Unfortunately, a GPAKE protocol becomes totally insecure if an adversary can compromise the authentication server and steal the passwords of the clients. In order to provide resilience against adversaries who can hack into the authentication server, we propose a threshold GPAKE protocol and then present its security proof in the standard model based on the hardness of the decisional Diffie-Hellman (DDH) problem. In our proposal, the password is shared among n authentication servers and is secure unless the adversary corrupts more than t+1 servers. Our protocol requires n > 3t servers to work. Compared with existing threshold PAKE protocols, our protocol maintains both stronger security and greater efficiency.

Highlights

A gateway-oriented password-authenticated key exchange protocol (gateway password protocol for short) can, with the assistance of an authentication server, establish a shared session key between a user and a gateway. However, if an attacker corrupts the authentication server and steals all users' password information, the security of the gateway password protocol can no longer be guaranteed. In view of the serious security threat that server intrusions pose to gateway password protocols, we design a threshold gateway password protocol and prove its security in the standard model under the DDH assumption. In our protocol, the password is shared among n servers by secret sharing, and an attacker can obtain a user's password only by corrupting t+1 servers. Compared with existing protocols of the same kind, ours not only has stronger security but also higher efficiency.
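The threshold property the abstract relies on (the password stays hidden from any t colluding servers and becomes recoverable once t+1 cooperate) can be seen with plain Shamir secret sharing over a prime field. The block below is an added illustration written for this page, not the paper's protocol: it does not model the paper's verifiable sharing, its n > 3t requirement or the key exchange itself, and the modulus, the hash-based password encoding, the sample dictionary and the choice of compromised servers are all constructed for the demo.

```python
from __future__ import annotations

import hashlib
import secrets

P = (1 << 127) - 1  # prime field modulus, chosen for this example only


def password_to_secret(password: str) -> int:
    """Map a password to a field element. The SHA-256 encoding is an
    assumption for the demo, not the paper's own encoding."""
    return int.from_bytes(hashlib.sha256(password.encode()).digest(), "big") % P


def share_secret(secret: int, n: int, t: int) -> list[tuple[int, int]]:
    """Shamir sharing: pick a random degree-t polynomial f with f(0) = secret;
    authentication server i (1..n) receives the share (i, f(i))."""
    if not 1 <= t + 1 <= n:
        raise ValueError("need 1 <= t+1 <= n")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t)]

    def f(x: int) -> int:
        acc = 0
        for c in reversed(coeffs):  # Horner evaluation mod P
            acc = (acc * x + c) % P
        return acc

    return [(i, f(i)) for i in range(1, n + 1)]


def interpolate_at(points: list[tuple[int, int]], x: int) -> int:
    """Evaluate at x the unique polynomial of degree < len(points) passing
    through the given points (Lagrange interpolation over GF(P))."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


def reconstruct(shares: list[tuple[int, int]]) -> int:
    """Recover f(0) from any t+1 (or more) shares."""
    return interpolate_at(shares, 0)


def consistent(shares: list[tuple[int, int]], candidate: int, t: int) -> bool:
    """Does some degree-<=t polynomial pass through all `shares` with
    f(0) == candidate?  With at most t shares the answer is always yes:
    that is exactly why t corrupted servers learn nothing about the password."""
    points = [(0, candidate)] + list(shares)
    if len(points) <= t + 1:
        return True  # any t+1 points lie on some degree-t polynomial
    basis = points[: t + 1]
    return all(interpolate_at(basis, x) == y for x, y in points[t + 1:])


def surviving_candidates(shares, dictionary, t: int) -> list[str]:
    """Dictionary entries that remain possible given the compromised shares."""
    return [pw for pw in dictionary if consistent(shares, password_to_secret(pw), t)]


def demo(n: int = 7, t: int = 2):
    """Constructed scenario: n servers, threshold t, a three-word dictionary."""
    dictionary = ["123456", "letmein", "correct horse battery staple"]
    real = dictionary[2]
    shares = share_secret(password_to_secret(real), n, t)
    # t compromised servers (1 and 4): every guess is still consistent.
    with_t = surviving_candidates([shares[0], shares[3]], dictionary, t)
    # t+1 compromised servers (1, 4 and 7): the password is pinned down.
    with_t1 = surviving_candidates([shares[0], shares[3], shares[6]], dictionary, t)
    # Any t+1 honest servers (here 3, 4, 5) can still reconstruct the secret.
    recovered = reconstruct(shares[2:5]) == password_to_secret(real)
    return with_t, with_t1, recovered


if __name__ == "__main__":
    print(demo())
```

The point of `surviving_candidates` is that an offline dictionary attack against t stolen shares returns the whole dictionary, because every candidate password fits those shares equally well, whereas one extra share collapses the list to a single entry; this is the resilience argument the abstract makes for spreading the password over several authentication servers.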

Author information

Correspondence to Fushan Wei.

About this article

Cite this article

Wei, F., Ma, J., Zhang, R. et al. An efficient and practical threshold gateway-oriented password-authenticated key exchange protocol in the standard model. Sci. China Inf. Sci. 60, 72103 (2017). https://doi.org/10.1007/s11432-016-5535-7

Keywords

  • password
  • key exchange
  • gateway
  • threshold
  • provable security