Password-authenticated key exchange between clients with different passwords

Jin Wook Byun, ik rae Jeong, Dong Hoon Lee, Chang Seop Park

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    88 Citations (Scopus)

    Abstract

    Most password-authenticated key exchange schemes in the literature provide an authenticated key exchange between a client and a server based on a pre-shared password. With a rapid change in modern communication environments, it is necessary to construct a secure end-to-end channel between clients, which is a quite different paradigm from the existing ones. In this paper we propose a new framework which provides a password-authenticated key exchange between clients based only on their two different passwords without any pre-shared secret, so called Client-to-Client Password-Authenticated Key Exchange (C2CPAKE). Security notions and types of possible attacks are newly defined according to the new framework. We prove our scheme is secure against all types of attacks considered in the paper. Two secure C2C-PAKE schemes are suggested, one in a cross-realm setting and the other in a single-server setting.

    Original languageEnglish
    Title of host publicationLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
    PublisherSpringer Verlag
    Pages134-146
    Number of pages13
    Volume2513
    ISBN (Print)3540001646
    Publication statusPublished - 2002
    Event4th International Conference on Information and Communications Security, ICICS 2002 - Singapore, Singapore
    Duration: 2002 Dec 92002 Dec 12

    Publication series

    NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
    Volume2513
    ISSN (Print)03029743
    ISSN (Electronic)16113349

    Other

    Other4th International Conference on Information and Communications Security, ICICS 2002
    Country/TerritorySingapore
    CitySingapore
    Period02/12/902/12/12

    Keywords

    • Cross-realm
    • Dictionary attack
    • Kerberos
    • Key exchange
    • Password authentication

    ASJC Scopus subject areas

    • Computer Science(all)
    • Theoretical Computer Science

    Fingerprint

    Dive into the research topics of 'Password-authenticated key exchange between clients with different passwords'. Together they form a unique fingerprint.

    Cite this