EC2C-PAKA: An efficient client-to-client password-authenticated key agreement

Jin Wook Byun, Dong Hoon Lee, Jong In Lim

Research output: Contribution to journalArticle

62 Citations (Scopus)

Abstract

Most password-authenticated key agreement schemes described in the literature have focused on authenticated key agreement using a shared password between a client and a server. With rapid changes in the modern communication environment such as ad hoc networks and ubiquitous computing, it is necessary to construct a secure end-to-end channel between clients. This paradigm is a quite different paradigm from the existing ones. In this paper, we study client-to-client password-authenticated key agreement (C2C-PAKA) enabling two clients in different realms to agree on a common session key using different passwords. Byun et al. first presented a C2C-PAKA protocol under the cross-realm setting. However, the scheme was not formally treated, and subsequently found to be flawed. In addition, in this scheme, there is still opportunity for improvements both in the computation and communication aspects. We provide formal treatments for the C2C-PAKA protocol by using Bellare et al.'s security model. We also suggest an efficient C2C-PAKA protocol and prove that the protocol is secure under the decisional Diffie-Hellman assumption in the ideal cipher and random oracle models.

Original languageEnglish
Pages (from-to)3995-4013
Number of pages19
JournalInformation Sciences
Volume177
Issue number19
DOIs
Publication statusPublished - 2007 Oct 1

    Fingerprint

Keywords

  • Authenticated key agreement
  • Cross-realm setting
  • Cryptography
  • Different password authentication

ASJC Scopus subject areas

  • Statistics and Probability
  • Electrical and Electronic Engineering
  • Statistics, Probability and Uncertainty
  • Information Systems and Management
  • Information Systems
  • Computer Science Applications
  • Artificial Intelligence

Cite this