Abstract
We revisit the problem of secure cross-domain communication between two users who belong to different security domains in an open, distributed environment. Existing approaches presuppose either that the users hold public key certificates issued by a trusted certificate authority (CA), or that the two domain authentication servers share a long-term secret key. In this article, we propose a generic framework for designing four-party password-based authenticated key exchange (4PAKE) protocols. Our framework takes a different approach from previous work. The users are not required to have public key certificates; they simply reuse the login passwords they already share with their respective domain authentication servers. The authentication servers, in turn, are assumed to be part of a standard PKI and act as ephemeral CAs: they certify key material that the users subsequently use to agree on a session key. Moreover, we adopt a compositional approach: treating any secure two-party password-based key exchange (2PAKE) protocol and any secure two-party asymmetric-key/symmetric-key-based key exchange (2A/SAKE) protocol as black boxes, we combine them to obtain generic and provably secure 4PAKE protocols.
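The three-phase composition the abstract describes, traced end to end as an added illustration; this is not the paper's protocol or proof, and every concrete choice below is an assumption: the 2PAKE black box is replaced by a labelled stand-in that merely hashes the password (a real 2PAKE never gives an offline guesser that option), the servers' PKI credentials are Schnorr signatures over the RFC 3526 group 14 modulus, and the user names, passwords, domain names and certificate layout are constructed for the trace. Standard library only.

```python
"""Toy trace of the compositional 4PAKE design sketched in the abstract: (1) 2PAKE
between each user and its own domain server (black box, stand-in below), (2) the
server signs the user's ephemeral DH value as an ephemeral CA, (3) the users check
each other's certificate against the servers' PKI keys and run a DH-based 2AKE."""
import hashlib
import hmac
import secrets

# RFC 3526 group 14: safe prime P = 2Q + 1, generator 2 of the order-Q subgroup.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G, Q = 2, (P - 1) // 2

def group_sanity_ok():
    """For the intended safe prime, P = 7 (mod 8) and 2 has order exactly Q."""
    return P % 8 == 7 and pow(G, Q, P) == 1

def H(*parts):
    """Length-prefixed SHA-256 over int/str/bytes fields so fields cannot run together."""
    h = hashlib.sha256()
    for x in parts:
        b = x if isinstance(x, bytes) else str(x).encode()
        h.update(len(b).to_bytes(4, "big") + b)
    return h.digest()

def in_subgroup(X):
    """Small-subgroup check: accept only elements of order Q other than 1."""
    return 1 < X < P and pow(X, Q, P) == 1

def keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)

def sign(sk, msg):
    """Schnorr signature; stands in for the server's PKI credential (assumption)."""
    r = secrets.randbelow(Q - 1) + 1
    R = pow(G, r, P)
    e = int.from_bytes(H(R, pow(G, sk, P), msg), "big") % Q
    return R, (r + e * sk) % Q

def verify(pk, msg, sig):
    R, s = sig
    e = int.from_bytes(H(R, pk, msg), "big") % Q
    return in_subgroup(R) and pow(G, s, P) == R * pow(pk, e, P) % P

def two_pake_stand_in(password, user, server, nonce):
    """Stand-in for the 2PAKE black box (assumption): a real 2PAKE derives this key
    without exposing the password to offline guessing; the toy just hashes it."""
    return H(b"2PAKE-stand-in", password, user, server, nonce)

def user_request(user, domain, k_us):
    """Phase 2, user side: fresh DH value X, tagged under the 2PAKE key k_us."""
    x = secrets.randbelow(Q - 1) + 1
    X = pow(G, x, P)
    return x, X, hmac.new(k_us, H(b"cert-req", user, domain, X), "sha256").digest()

def cert_digest(cert):
    return H(b"4PAKE-cert", cert["user"], cert["domain"], cert["X"], cert["expires"])

def server_certify(server_sk, k_us, user, domain, X, tag, expires):
    """Phase 2, server side: only the password holder can produce `tag`, so the
    server vouches that X belongs to `user` (the ephemeral-CA role)."""
    want = hmac.new(k_us, H(b"cert-req", user, domain, X), "sha256").digest()
    if not hmac.compare_digest(want, tag) or not in_subgroup(X):
        return None
    cert = {"user": user, "domain": domain, "X": X, "expires": expires}
    cert["sig"] = sign(server_sk, cert_digest(cert))
    return cert

def agree(my_x, my_cert, peer_cert, pki, now):
    """Phase 3: validate the peer's certificate via its domain's PKI key, then DH."""
    spk = pki.get(peer_cert["domain"])
    if (spk is None or now > peer_cert["expires"]
            or not verify(spk, cert_digest(peer_cert), peer_cert["sig"])):
        raise ValueError("peer certificate missing, expired or not from its domain server")
    Z = pow(peer_cert["X"], my_x, P)
    a, b = sorted([(my_cert["user"], my_cert["X"]), (peer_cert["user"], peer_cert["X"])])
    return H(b"4PAKE-session", a[0], a[1], b[0], b[1], Z)   # identical on both sides

def run_4pake(alice_pw_used="alice-pw", now=1000):
    """Whole trace with constructed users; a wrong `alice_pw_used` models a guesser."""
    pki = {}
    sk_sa, pki["domA"] = keygen()
    sk_sb, pki["domB"] = keygen()
    n = secrets.token_bytes(16)
    k_a_user = two_pake_stand_in(alice_pw_used, "alice", "domA", n)
    k_a_srv = two_pake_stand_in("alice-pw", "alice", "domA", n)
    k_b = two_pake_stand_in("bob-pw", "bob", "domB", n)
    xa, Xa, ta = user_request("alice", "domA", k_a_user)
    xb, Xb, tb = user_request("bob", "domB", k_b)
    cert_a = server_certify(sk_sa, k_a_srv, "alice", "domA", Xa, ta, now + 60)
    cert_b = server_certify(sk_sb, k_b, "bob", "domB", Xb, tb, now + 60)
    if cert_a is None or cert_b is None:
        return None   # a server refused to certify: no session key is produced
    return agree(xa, cert_a, cert_b, pki, now), agree(xb, cert_b, cert_a, pki, now)
```

Two properties of the abstract's design are visible in the trace: the two servers never share a key and never talk to each other, since Bob accepts Alice's DH value only because domA's PKI key verifies the certificate, and the session key is computed by the users alone from their certified ephemeral values. The small-subgroup check on X and the expiry on the certificate are the checks a practitioner would expect an ephemeral CA and its relying party to perform; the remaining gap between this toy and a deployable protocol is the 2PAKE stand-in, which must be replaced by a real 2PAKE.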