Efficient Augmented Password-Based Encrypted Key Exchange Protocol

  • Shuhua Wu
  • Yuefei Zhu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4325)

Abstract

In this paper, we propose an efficient augmented password-based encrypted key exchange protocol based on that of Bellovin and Merritt. The protocol is more efficient than any of the existing augmented encrypted key exchange protocols in the literature we can document and thus is popular in low resource environments. Furthermore, we have proved its security under the assumptions that the hash function closely behaves like a random oracle and that the computational Diffie-Hellman problem is difficult.

Keywords

password encrypted key exchange Diffie-Hellman assumptions 
This is a preview of subscription content, log in to check access.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Bellovin, S.M., Merritt, M.: Encrypted key exchange: Password-based protocols secure against dictionary attacks. In: 1992 IEEE Symposium on Security and Privacy, pp. 72–84. IEEE Computer Society Press, Los Alamitos (1992)CrossRefGoogle Scholar
  2. 2.
    Bellovin, S.M., Merritt, M.: Augmented encrypted key exchange: A password-based protocol secure against dictionary attacks and password file compromise. In: ACM Security (CCS 1993), pp. 224–250 (1993)Google Scholar
  3. 3.
    Gong, L.: Optimal authentication protocols resistant to password guessing attacks. In: 8th IEEE Computer Security Foundations Workshop, pp. 24–29 (1995)Google Scholar
  4. 4.
    Jablon, D.: Strong password-only authentication key exchange. ACM Computer Communication Review, ACM SIGCOMM 26(5), 5–20 (1996)CrossRefGoogle Scholar
  5. 5.
    Jablon, D.: Extended password key exchange protocols immune to dictionary attack. In: WETICE 1997 Workshop on Enterprise Security (1997)Google Scholar
  6. 6.
    Lucks, S.: Open key exchange: How to defeat dictPionary attacks without encrypting public keys. In: Proceedings of the Workshop on Security Protocols (1997)Google Scholar
  7. 7.
    Boyd, C., Montague, P., Nguyen, K.: Elliptic Curve Based Password Authenticated Key Exchange Protocols. In: Varadharajan, V., Mu, Y. (eds.) ACISP 2001. LNCS, vol. 2119, pp. 487–501. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  8. 8.
    Wong, D.S., Chan, A.H., Zhu, F.: Password Authenticated Key Exchange for Resource-Constrained Wireless Communications (Extended Abstract). ICN (2), 827–834 (2005)Google Scholar
  9. 9.
    Bellare, M., Rogaway, P.: The AuthA protocol for password-based authenticated key exchange. In: Contributions to IEEE P1363 (March 2000)Google Scholar
  10. 10.
    Bresson, E., Chevassut, O., Pointcheval, D.: Security proofs for an efficient password-based key exchange. In: ACM CCS 2003. ACM Press, New York (2003)Google Scholar
  11. 11.
    Bresson, E., Chevassut, O., Pointcheval, D.: New security results on encrypted key exchange. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 145–158. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  12. 12.
    Kobara, K., Imai, H.: Pretty-simple password-authenticated key-exchange under standard assumptions. IEICE Transactions E85-A(10), 2229–2237 (2002), Also available at: http://eprint.iacr.org/2003/038/ Google Scholar
  13. 13.
    MacKenzie, P.D.: The PAK suite: Protocols for password-authenticated key exchange. Contributions to IEEE P1363.2 (2002)Google Scholar
  14. 14.
    Abdalla, M., Pointcheval, D.: Simple Password-Based Encrypted Key Exchange Protocols. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 191–208. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  15. 15.
    Abdalla, M., Chevassut, O., Pointcheval, D.: One-time verifier-based encrypted key exchange. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 47–64. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  16. 16.
    Patel, S.: Number theoretic attacks on secure password schemes. In: Proceedings of IEEE Security and Privacy, pp. 236–247 (1997)Google Scholar
  17. 17.
    Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A concrete security treatment of symmetric encryption. In: 38th Annual Symposium on Foundations of Computer Science, Miami Beach, Florida, October 19-22, 1997, pp. 394–403. IEEE Computer Society Press, Los Alamitos (1997)CrossRefGoogle Scholar
  18. 18.
    Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  19. 19.
    Abdalla, M., Bellare, M., Rogaway, P.: The Oracle Diffie-Hellman Assumptions and an Analysis of DHIES. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 143–158. Springer, Heidelberg (2001)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Shuhua Wu
    • 1
  • Yuefei Zhu
    • 1
  1. 1.Department of Networks EngineeringZhengzhou Information Engineering InstituteZhengzhouChina

Personalised recommendations