Leakage-Resilient Authenticated Key Establishment Protocols

  • SeongHan Shin
  • Kazukuni Kobara
  • Hideki Imai
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2894)

Abstract

Authenticated Key Establishment (AKE) protocols enable two entities, say a client (or a user) and a server, to share common session keys in an authentic way. In this paper, we review AKE protocols from a slightly different point of view, i.e. the relationship between the information a client needs to possess (for authentication) and the immunity to the leakage of stored secrets from the client side and from the server side, respectively. Since information leakage is more conceivable than breaking the underlying cryptosystems, it is desirable to enhance the immunity to such leakage. First and foremost, we categorize AKE protocols according to how much resilience against leakage they provide. Then, we propose new AKE protocols that are immune to the leakage of stored secrets from a client and from a server (or servers), respectively. We also extend our protocols so that the secret values registered in the server(s) or the password remembered by a client can be updated.


Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • SeongHan Shin (1)
  • Kazukuni Kobara (1)
  • Hideki Imai (1)
  1. Institute of Industrial Science, The University of Tokyo, Tokyo, Japan
