One-round protocol for two-party verifier-based password-authenticated key exchange

Jeong Ok Kwon, Kouichi Sakurai, Dong Hoon Lee

Research output: Chapter in Book/Report/Conference proceedingConference contribution

5 Citations (Scopus)

Abstract

Password-authenticated key exchange (PAKE) for two-party allows a client and a server communicating over a public network to share a session key using a human-memorable password only. PAKE protocols can be served as basic building blocks for constructing secure, complex, and higher-level protocols which were initially built upon the Transport Layer Security (TLS) protocol. In this paper, we propose a provably-secure verifier-based PAKE protocol well suited with the TLS protocol which requires only a single round. The protocol is secure against attacks using compromised server's password file and known-key attacks, and provides forward secrecy, which is analyzed in the ideal hash model. This scheme matches the most efficient verifier-based PAKE protocol among those found in the literature. It is the first provably-secure one-round protocol for verifier-based PAKE in the two-party setting.

Original languageEnglish
Title of host publicationLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Pages87-96
Number of pages10
Volume4237 LNCS
Publication statusPublished - 2006 Dec 8
Event10th IFIP TC-6 TC-11 International Conference on Communications and Multimedia Security, CMS 2006 - Heraklion, Crete, Greece
Duration: 2006 Oct 192006 Oct 21

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume4237 LNCS
ISSN (Print)03029743
ISSN (Electronic)16113349

Other

Other10th IFIP TC-6 TC-11 International Conference on Communications and Multimedia Security, CMS 2006
CountryGreece
CityHeraklion, Crete
Period06/10/1906/10/21

Fingerprint

Authenticated Key Exchange
Confidentiality
Password
Network protocols
Security Protocols
Server
Attack
Servers
caN protocol
Building Blocks

ASJC Scopus subject areas

  • Computer Science(all)
  • Biochemistry, Genetics and Molecular Biology(all)
  • Theoretical Computer Science

Cite this

Kwon, J. O., Sakurai, K., & Lee, D. H. (2006). One-round protocol for two-party verifier-based password-authenticated key exchange. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 4237 LNCS, pp. 87-96). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4237 LNCS).

One-round protocol for two-party verifier-based password-authenticated key exchange. / Kwon, Jeong Ok; Sakurai, Kouichi; Lee, Dong Hoon.

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Vol. 4237 LNCS 2006. p. 87-96 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4237 LNCS).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Kwon, JO, Sakurai, K & Lee, DH 2006, One-round protocol for two-party verifier-based password-authenticated key exchange. in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). vol. 4237 LNCS, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 4237 LNCS, pp. 87-96, 10th IFIP TC-6 TC-11 International Conference on Communications and Multimedia Security, CMS 2006, Heraklion, Crete, Greece, 06/10/19.
Kwon JO, Sakurai K, Lee DH. One-round protocol for two-party verifier-based password-authenticated key exchange. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Vol. 4237 LNCS. 2006. p. 87-96. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
Kwon, Jeong Ok ; Sakurai, Kouichi ; Lee, Dong Hoon. / One-round protocol for two-party verifier-based password-authenticated key exchange. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Vol. 4237 LNCS 2006. pp. 87-96 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{d431480643a34c0994b00351daa9a481,
title = "One-round protocol for two-party verifier-based password-authenticated key exchange",
abstract = "Password-authenticated key exchange (PAKE) for two-party allows a client and a server communicating over a public network to share a session key using a human-memorable password only. PAKE protocols can be served as basic building blocks for constructing secure, complex, and higher-level protocols which were initially built upon the Transport Layer Security (TLS) protocol. In this paper, we propose a provably-secure verifier-based PAKE protocol well suited with the TLS protocol which requires only a single round. The protocol is secure against attacks using compromised server's password file and known-key attacks, and provides forward secrecy, which is analyzed in the ideal hash model. This scheme matches the most efficient verifier-based PAKE protocol among those found in the literature. It is the first provably-secure one-round protocol for verifier-based PAKE in the two-party setting.",
author = "Kwon, {Jeong Ok} and Kouichi Sakurai and Lee, {Dong Hoon}",
year = "2006",
month = "12",
day = "8",
language = "English",
isbn = "3540478205",
volume = "4237 LNCS",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
pages = "87--96",
booktitle = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

}

TY - GEN

T1 - One-round protocol for two-party verifier-based password-authenticated key exchange

AU - Kwon, Jeong Ok

AU - Sakurai, Kouichi

AU - Lee, Dong Hoon

PY - 2006/12/8

Y1 - 2006/12/8

N2 - Password-authenticated key exchange (PAKE) for two-party allows a client and a server communicating over a public network to share a session key using a human-memorable password only. PAKE protocols can be served as basic building blocks for constructing secure, complex, and higher-level protocols which were initially built upon the Transport Layer Security (TLS) protocol. In this paper, we propose a provably-secure verifier-based PAKE protocol well suited with the TLS protocol which requires only a single round. The protocol is secure against attacks using compromised server's password file and known-key attacks, and provides forward secrecy, which is analyzed in the ideal hash model. This scheme matches the most efficient verifier-based PAKE protocol among those found in the literature. It is the first provably-secure one-round protocol for verifier-based PAKE in the two-party setting.

AB - Password-authenticated key exchange (PAKE) for two-party allows a client and a server communicating over a public network to share a session key using a human-memorable password only. PAKE protocols can be served as basic building blocks for constructing secure, complex, and higher-level protocols which were initially built upon the Transport Layer Security (TLS) protocol. In this paper, we propose a provably-secure verifier-based PAKE protocol well suited with the TLS protocol which requires only a single round. The protocol is secure against attacks using compromised server's password file and known-key attacks, and provides forward secrecy, which is analyzed in the ideal hash model. This scheme matches the most efficient verifier-based PAKE protocol among those found in the literature. It is the first provably-secure one-round protocol for verifier-based PAKE in the two-party setting.

UR - http://www.scopus.com/inward/record.url?scp=33845220514&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33845220514&partnerID=8YFLogxK

M3 - Conference contribution

SN - 3540478205

SN - 9783540478201

VL - 4237 LNCS

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 87

EP - 96

BT - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

ER -