Password-authenticated key exchange between clients with different passwords

Jin Wook Byun; Ik Rae Jeong; Dong Hoon Lee; Chang Seop Park

doi:10.1007/3-540-36159-6_12

Password-authenticated key exchange between clients with different passwords

Jin Wook Byun, Ik Rae Jeong, Dong Hoon Lee, Chang Seop Park

School of Cybersecurity

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

93 Citations (Scopus)

Abstract

Most password-authenticated key exchange schemes in the literature provide an authenticated key exchange between a client and a server based on a pre-shared password. With a rapid change in modern communication environments, it is necessary to construct a secure end-to-end channel between clients, which is a quite different paradigm from the existing ones. In this paper we propose a new framework which provides a password-authenticated key exchange between clients based only on their two different passwords without any pre-shared secret, so called Client-to-Client Password-Authenticated Key Exchange (C2CPAKE). Security notions and types of possible attacks are newly defined according to the new framework. We prove our scheme is secure against all types of attacks considered in the paper. Two secure C2C-PAKE schemes are suggested, one in a cross-realm setting and the other in a single-server setting.

Original language	English
Title of host publication	Information and Communications Security - 4th International Conference, ICICS 2002, Proceedings
Editors	Robert Deng, Feng Bao, Jianying Zhou, Sihan Qing
Publisher	Springer Verlag
Pages	134-146
Number of pages	13
ISBN (Print)	3540001646
DOIs	https://doi.org/10.1007/3-540-36159-6_12
Publication status	Published - 2002
Event	4th International Conference on Information and Communications Security, ICICS 2002 - Singapore, Singapore Duration: 2002 Dec 9 → 2002 Dec 12

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	2513
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	4th International Conference on Information and Communications Security, ICICS 2002
Country/Territory	Singapore
City	Singapore
Period	02/12/9 → 02/12/12

Keywords

Cross-realm
Dictionary attack
Kerberos
Key exchange
Password authentication

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/3-540-36159-6_12

Cite this

Byun, J. W., Jeong, I. R., Lee, D. H., & Park, C. S. (2002). Password-authenticated key exchange between clients with different passwords. In R. Deng, F. Bao, J. Zhou, & S. Qing (Eds.), Information and Communications Security - 4th International Conference, ICICS 2002, Proceedings (pp. 134-146). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 2513). Springer Verlag. https://doi.org/10.1007/3-540-36159-6_12

Password-authenticated key exchange between clients with different passwords. / Byun, Jin Wook; Jeong, Ik Rae ; Lee, Dong Hoon et al.

Information and Communications Security - 4th International Conference, ICICS 2002, Proceedings. ed. / Robert Deng; Feng Bao; Jianying Zhou; Sihan Qing. Springer Verlag, 2002. p. 134-146 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 2513).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Byun, JW, Jeong, IR , Lee, DH & Park, CS 2002, Password-authenticated key exchange between clients with different passwords. in R Deng, F Bao, J Zhou & S Qing (eds), Information and Communications Security - 4th International Conference, ICICS 2002, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 2513, Springer Verlag, pp. 134-146, 4th International Conference on Information and Communications Security, ICICS 2002, Singapore, Singapore, 02/12/9. https://doi.org/10.1007/3-540-36159-6_12

Byun JW, Jeong IR , Lee DH, Park CS. Password-authenticated key exchange between clients with different passwords. In Deng R, Bao F, Zhou J, Qing S, editors, Information and Communications Security - 4th International Conference, ICICS 2002, Proceedings. Springer Verlag. 2002. p. 134-146. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/3-540-36159-6_12

Byun, Jin Wook ; Jeong, Ik Rae ; Lee, Dong Hoon et al. / Password-authenticated key exchange between clients with different passwords. Information and Communications Security - 4th International Conference, ICICS 2002, Proceedings. editor / Robert Deng ; Feng Bao ; Jianying Zhou ; Sihan Qing. Springer Verlag, 2002. pp. 134-146 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{34dff4f464fc4283a55247db64ea87c4,

title = "Password-authenticated key exchange between clients with different passwords",

abstract = "Most password-authenticated key exchange schemes in the literature provide an authenticated key exchange between a client and a server based on a pre-shared password. With a rapid change in modern communication environments, it is necessary to construct a secure end-to-end channel between clients, which is a quite different paradigm from the existing ones. In this paper we propose a new framework which provides a password-authenticated key exchange between clients based only on their two different passwords without any pre-shared secret, so called Client-to-Client Password-Authenticated Key Exchange (C2CPAKE). Security notions and types of possible attacks are newly defined according to the new framework. We prove our scheme is secure against all types of attacks considered in the paper. Two secure C2C-PAKE schemes are suggested, one in a cross-realm setting and the other in a single-server setting.",

keywords = "Cross-realm, Dictionary attack, Kerberos, Key exchange, Password authentication",

author = "Byun, {Jin Wook} and Jeong, {Ik Rae} and Lee, {Dong Hoon} and Park, {Chang Seop}",

note = "Publisher Copyright: {\textcopyright} Springer-Verlag Berlin Heidelberg 2002.; 4th International Conference on Information and Communications Security, ICICS 2002 ; Conference date: 09-12-2002 Through 12-12-2002",

year = "2002",

doi = "10.1007/3-540-36159-6_12",

language = "English",

isbn = "3540001646",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "134--146",

editor = "Robert Deng and Feng Bao and Jianying Zhou and Sihan Qing",

booktitle = "Information and Communications Security - 4th International Conference, ICICS 2002, Proceedings",

}

TY - GEN

T1 - Password-authenticated key exchange between clients with different passwords

AU - Byun, Jin Wook

AU - Jeong, Ik Rae

AU - Lee, Dong Hoon

AU - Park, Chang Seop

N1 - Publisher Copyright: © Springer-Verlag Berlin Heidelberg 2002.

PY - 2002

Y1 - 2002

N2 - Most password-authenticated key exchange schemes in the literature provide an authenticated key exchange between a client and a server based on a pre-shared password. With a rapid change in modern communication environments, it is necessary to construct a secure end-to-end channel between clients, which is a quite different paradigm from the existing ones. In this paper we propose a new framework which provides a password-authenticated key exchange between clients based only on their two different passwords without any pre-shared secret, so called Client-to-Client Password-Authenticated Key Exchange (C2CPAKE). Security notions and types of possible attacks are newly defined according to the new framework. We prove our scheme is secure against all types of attacks considered in the paper. Two secure C2C-PAKE schemes are suggested, one in a cross-realm setting and the other in a single-server setting.

AB - Most password-authenticated key exchange schemes in the literature provide an authenticated key exchange between a client and a server based on a pre-shared password. With a rapid change in modern communication environments, it is necessary to construct a secure end-to-end channel between clients, which is a quite different paradigm from the existing ones. In this paper we propose a new framework which provides a password-authenticated key exchange between clients based only on their two different passwords without any pre-shared secret, so called Client-to-Client Password-Authenticated Key Exchange (C2CPAKE). Security notions and types of possible attacks are newly defined according to the new framework. We prove our scheme is secure against all types of attacks considered in the paper. Two secure C2C-PAKE schemes are suggested, one in a cross-realm setting and the other in a single-server setting.

KW - Cross-realm

KW - Dictionary attack

KW - Kerberos

KW - Key exchange

KW - Password authentication

UR - http://www.scopus.com/inward/record.url?scp=84944063128&partnerID=8YFLogxK

U2 - 10.1007/3-540-36159-6_12

DO - 10.1007/3-540-36159-6_12

M3 - Conference contribution

AN - SCOPUS:84944063128

SN - 3540001646

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 134

EP - 146

BT - Information and Communications Security - 4th International Conference, ICICS 2002, Proceedings

A2 - Deng, Robert

A2 - Bao, Feng

A2 - Zhou, Jianying

A2 - Qing, Sihan

PB - Springer Verlag

T2 - 4th International Conference on Information and Communications Security, ICICS 2002

Y2 - 9 December 2002 through 12 December 2002

ER -

Password-authenticated key exchange between clients with different passwords

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this