An Authentication and Key Exchange Protocol for Secure Credential Services

  • SeongHan Shin
  • Kazukuni Kobara
  • Hideki Imai
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4176)


In this paper, we propose a leakage-resilient and proactive authenticated key exchange (called LRP-AKE) protocol for credential services which provides not only a higher level of security against leakage of stored secrets but also secrecy of private key with respect to the involving server. The LRP-AKE protocol is provably secure in the random oracle model with the reduction to the computational Diffie-Hellman problem.


Random Oracle Secret Sharing Scheme Secure Channel Random Oracle Model Extensible Authentication Protocol 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abdalla, M., Bresson, E., Chevassut, O., Moller, B., Pointcheval, D.: Provably Secure Password-based Authentication in TLS. In: Proc. of AsiaCCS 2006. ACM, New York (2006)Google Scholar
  2. 2.
    Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., Levkowetx, H.: Extensible Authentication Protocol (EAP). IETF RFC 3748 (June 2004)Google Scholar
  3. 3.
    Abdalla, M., Pointcheval, D.: Simple Password-Based Encrypted Key Exchange Protocols. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 191–208. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  4. 4.
    Bresson, E., Chevassut, O., Pointcheval, D.: New Security Results on Encrypted Key Exchange. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 145–158. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  5. 5.
    Bellovin, S.M., Merritt, M.: Encrypted Key Exchange: Password-based Protocols Secure against Dictionary Attacks. In: Proc. of IEEE Symposium on Security and Privacy, pp. 72–84 (1992)Google Scholar
  6. 6.
    Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated Key Exchange Secure against Dictionary Attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  7. 7.
    Bellare, M., Rogaway, P.: Random Oracles are Practical: A Paradigm for Designing Efficient Protocols. In: Proc. of ACM CCS 1993, pp. 62–73 (1993)Google Scholar
  8. 8.
    Blunk, L., Vollbrecht, J.: PPP Extensible Authentication Protocol (EAP). IETF RFC 2284 (March 1998)Google Scholar
  9. 9.
    Canetti, R., Goldreich, O., Halevi, S.: The Random Oracle Methodology, Revisited. In: Proc. of the 30th ACM Symposium on Theory of Computing (STOC), pp. 209–218. ACM, New York (1998)Google Scholar
  10. 10.
    Catalano, D., Pointcheval, D., Pornin, T.: Trapdoor Hard-to-Invert Group Isomorphisms and Their Application to Password-based Authentication. Journal of Cryptology (2006); The extended abstract appeared at CRYPTO 2004Google Scholar
  11. 11.
    Ford, W., Kaliski, B.S.: Server-Assisted Generation of a Strong Secret from a Password. In: Proc. of the Fifth International Workshop on Enterprise Security. IEEE, Los Alamitos (2000)Google Scholar
  12. 12.
    Haverinen, H., Salowey, J.: Extensible Authentication Protocol Method for GSM Subscriber Identity Modules (EAP-SIM) (December 2004)Google Scholar
  13. 13.
    Jablon, D.P.: Password Authentication Using Multiple Servers. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 344–360. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  14. 14.
    Kwon, T.: Virtual Software Tokens - A Practical Way to Secure PKI Roaming. In: Davida, G.I., Frankel, Y., Rees, O. (eds.) InfraSec 2002. LNCS, vol. 2437, pp. 288–302. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  15. 15.
    Ostrovsky, R., Yung, M.: How to Withstand Mobile Virus Attacks. In: Proc. of 10th Annual ACM Symposium on Principles of Distributed Computing (1991)Google Scholar
  16. 16.
    Patel, S.: Number Theoretic Attacks on Secure Password Schemes. In: Proc. of IEEE Symposium on Security and Privacy, pp. 236–247. IEEE Computer Society, Los Alamitos (1997)Google Scholar
  17. 17.
    Patel, S.: Analysis of EAP-SIM Session Key Agreement, Available at:
  18. 18.
    Perlman, R., Kaufman, C.: Secure Password-Based Protocol for Downloading a Private Key. In: Proc. 1999 Network and Distributed System Security Symposium, Internet Security (1999)Google Scholar
  19. 19.
    Sandhu, R., Bellare, M., Ganesan, R.: Password Enabled PKI: Virtual Smartcards vs. Virtual Soft Tokens. In: Proc. of the 1st Annual PKI Research Workshop, pp. 89–96 (2002)Google Scholar
  20. 20.
    Shoup, V.: On Formal Models for Secure Key Exchange. IBM Research Report RZ 3121 (1999), Available at:
  21. 21.
    Shoup, V.: OAEP Reconsidered. Journal of Cryptology 15(4), 223–249 (2002)MATHCrossRefMathSciNetGoogle Scholar
  22. 22.
    Shin, S., Kobara, K., Imai, H.: Efficient and Leakage-Resilient Authenticated Key Transport Protocol Based on RSA. In: Ioannidis, J., Keromytis, A.D., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 269–284. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  23. 23.
    Shin, S.H., Kobara, K., Imai, H.: Security Proof of Efficient and Leakage-Resilient Authenticated Key Transport Protocol Based on RSA. Cryptology ePrint Archive, Report 2005/190 (2005)Google Scholar
  24. 24.
    Tardo, J., Alagappan, K.: SPX: Global Authentication Using Public Key Certificates. In: Proc. of 1991 IEEE Computer Society Symposium on Security and Privacy, pp. 232–244 (1991)Google Scholar
  25. 25.
    Tang, Q., Mitchell, C.J.: Weaknesses in a Leakage-Resilient Authenticated Key Transport Protocol. Cryptology ePrint Archive, Report 2005/173 (2005)Google Scholar
  26. 26.
    Wang, X.: Intrusion-Tolerant Password-Enabled PKI. In: Proc. of the 2nd Annual PKI Research Workshop, pp. 44–53 (2003)Google Scholar
  27. 27.
    Welch, V., Foster, I., Kesselman, C., Mulmo, O., Pearlman, L., Tuecke, S., Gawor, J., Meder, S., Siebenlist, F.: X.509 Proxy Certificates for Dynamic Delegation. In: Proc. of the 3rd Annual PKI R&D Workshop (2004)Google Scholar
  28. 28.
    Wan, Z., Wang, S.: Cryptanalysis of Two Password-Authenticated Key Exchange Protocols. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 164–175. Springer, Heidelberg (2004)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • SeongHan Shin
    • 1
  • Kazukuni Kobara
    • 1
  • Hideki Imai
    • 1
    • 2
  1. 1.Research Center for Information Security (RCIS), National Institute of Advanced Industrial Science and Technology (AIST)TokyoJapan
  2. 2.Chuo UniversityTokyoJapan

Personalised recommendations