Password-authenticated key exchange between clients with different passwords

Jin Wook Byun, ik rae Jeong, Dong Hoon Lee, Chang Seop Park

Research output: Chapter in Book/Report/Conference proceedingConference contribution

86 Citations (Scopus)

Abstract

Most password-authenticated key exchange schemes in the literature provide an authenticated key exchange between a client and a server based on a pre-shared password. With a rapid change in modern communication environments, it is necessary to construct a secure end-to-end channel between clients, which is a quite different paradigm from the existing ones. In this paper we propose a new framework which provides a password-authenticated key exchange between clients based only on their two different passwords without any pre-shared secret, so called Client-to-Client Password-Authenticated Key Exchange (C2CPAKE). Security notions and types of possible attacks are newly defined according to the new framework. We prove our scheme is secure against all types of attacks considered in the paper. Two secure C2C-PAKE schemes are suggested, one in a cross-realm setting and the other in a single-server setting.

Original languageEnglish
Title of host publicationLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
PublisherSpringer Verlag
Pages134-146
Number of pages13
Volume2513
ISBN (Print)3540001646
Publication statusPublished - 2002
Event4th International Conference on Information and Communications Security, ICICS 2002 - Singapore, Singapore
Duration: 2002 Dec 92002 Dec 12

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume2513
ISSN (Print)03029743
ISSN (Electronic)16113349

Other

Other4th International Conference on Information and Communications Security, ICICS 2002
CountrySingapore
CitySingapore
Period02/12/902/12/12

Fingerprint

Authenticated Key Exchange
Password
Servers
Attack
Communication
Single Server
Server
Paradigm
Necessary

Keywords

  • Cross-realm
  • Dictionary attack
  • Kerberos
  • Key exchange
  • Password authentication

ASJC Scopus subject areas

  • Computer Science(all)
  • Theoretical Computer Science

Cite this

Byun, J. W., Jeong, I. R., Lee, D. H., & Park, C. S. (2002). Password-authenticated key exchange between clients with different passwords. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 2513, pp. 134-146). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 2513). Springer Verlag.

Password-authenticated key exchange between clients with different passwords. / Byun, Jin Wook; Jeong, ik rae; Lee, Dong Hoon; Park, Chang Seop.

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Vol. 2513 Springer Verlag, 2002. p. 134-146 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 2513).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Byun, JW, Jeong, IR, Lee, DH & Park, CS 2002, Password-authenticated key exchange between clients with different passwords. in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). vol. 2513, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 2513, Springer Verlag, pp. 134-146, 4th International Conference on Information and Communications Security, ICICS 2002, Singapore, Singapore, 02/12/9.
Byun JW, Jeong IR, Lee DH, Park CS. Password-authenticated key exchange between clients with different passwords. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Vol. 2513. Springer Verlag. 2002. p. 134-146. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
Byun, Jin Wook ; Jeong, ik rae ; Lee, Dong Hoon ; Park, Chang Seop. / Password-authenticated key exchange between clients with different passwords. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Vol. 2513 Springer Verlag, 2002. pp. 134-146 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{34dff4f464fc4283a55247db64ea87c4,
title = "Password-authenticated key exchange between clients with different passwords",
abstract = "Most password-authenticated key exchange schemes in the literature provide an authenticated key exchange between a client and a server based on a pre-shared password. With a rapid change in modern communication environments, it is necessary to construct a secure end-to-end channel between clients, which is a quite different paradigm from the existing ones. In this paper we propose a new framework which provides a password-authenticated key exchange between clients based only on their two different passwords without any pre-shared secret, so called Client-to-Client Password-Authenticated Key Exchange (C2CPAKE). Security notions and types of possible attacks are newly defined according to the new framework. We prove our scheme is secure against all types of attacks considered in the paper. Two secure C2C-PAKE schemes are suggested, one in a cross-realm setting and the other in a single-server setting.",
keywords = "Cross-realm, Dictionary attack, Kerberos, Key exchange, Password authentication",
author = "Byun, {Jin Wook} and Jeong, {ik rae} and Lee, {Dong Hoon} and Park, {Chang Seop}",
year = "2002",
language = "English",
isbn = "3540001646",
volume = "2513",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "134--146",
booktitle = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

}

TY - GEN

T1 - Password-authenticated key exchange between clients with different passwords

AU - Byun, Jin Wook

AU - Jeong, ik rae

AU - Lee, Dong Hoon

AU - Park, Chang Seop

PY - 2002

Y1 - 2002

N2 - Most password-authenticated key exchange schemes in the literature provide an authenticated key exchange between a client and a server based on a pre-shared password. With a rapid change in modern communication environments, it is necessary to construct a secure end-to-end channel between clients, which is a quite different paradigm from the existing ones. In this paper we propose a new framework which provides a password-authenticated key exchange between clients based only on their two different passwords without any pre-shared secret, so called Client-to-Client Password-Authenticated Key Exchange (C2CPAKE). Security notions and types of possible attacks are newly defined according to the new framework. We prove our scheme is secure against all types of attacks considered in the paper. Two secure C2C-PAKE schemes are suggested, one in a cross-realm setting and the other in a single-server setting.

AB - Most password-authenticated key exchange schemes in the literature provide an authenticated key exchange between a client and a server based on a pre-shared password. With a rapid change in modern communication environments, it is necessary to construct a secure end-to-end channel between clients, which is a quite different paradigm from the existing ones. In this paper we propose a new framework which provides a password-authenticated key exchange between clients based only on their two different passwords without any pre-shared secret, so called Client-to-Client Password-Authenticated Key Exchange (C2CPAKE). Security notions and types of possible attacks are newly defined according to the new framework. We prove our scheme is secure against all types of attacks considered in the paper. Two secure C2C-PAKE schemes are suggested, one in a cross-realm setting and the other in a single-server setting.

KW - Cross-realm

KW - Dictionary attack

KW - Kerberos

KW - Key exchange

KW - Password authentication

UR - http://www.scopus.com/inward/record.url?scp=84944063128&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84944063128&partnerID=8YFLogxK

M3 - Conference contribution

SN - 3540001646

VL - 2513

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 134

EP - 146

BT - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

PB - Springer Verlag

ER -