Practical RSA-PAKE for low-power device in imbalanced wireless networks

For enhancing the security of ubiquitous communication, we have to consider three keywords: mobility, wireless, and low computing capability. In this paper, we study one of suitable security protocols for the ubiquitous communication environment. We discuss RSA-based password-authenticated key exchange (RSA-PAKE) protocols for imbalanced wireless networks where a party uses a low-power device to communicate with another party equipped with a powerful computing device. For imbalanced wireless network applications, it is important to reduce the cost of communication for a low-power device even though the cost for powerful devices is increasing. The most power-consuming operation in RSA-PAKE protocols is the reliability test of unauthorized RSA public keys. Hence, it is important to design an efficient reliability test method to construct an efficient RSA-PAKE protocol. In this paper, we propose a new reliability test technique and design a provably secure RSA-PAKE protocol using the technique. Our protocol is suitable for securing the communications conducted over imbalanced wireless networks since the operations computed by one communicating party are efficient enough to be implemented on most low-power devices such as mobile phones and PDAs. The cost of a low-power device is reduced by 84.25% compared with CEKEP, the most efficient RSA-PAKE protocol. We prove the security of our protocol under a firmly formalized security model.