• PDF / 461,666 Bytes
• 10 Pages / 430 x 660 pts Page_size
• 56 Downloads / 219 Views

DOWNLOAD

REPORT

Abstract. In this paper, we present a computationally efficient password authenticated key exchange protocol based on quadratic residues. The protocol, called QR-CEKE, is derived from the protocol QR-EKE, a previously published password authenticated key exchange protocol based on quadratic residues. The computational time for the client, however, is significant reduced in the protocol QR-CEKE. In comparison with QR-EKE, the protocol QR-CEKE is more suitable to an imbalanced computing environment where a low-end client device communicates with a powerful server over a broadband network. Based on number-theoretic techniques, we show that the computationally efficient password authenticated key exchange protocol is secure against residue attacks, a special type of off-line dictionary attack against passwordauthenticated key exchange protocols based on factorization. We also provide a formal security analysis of QR-CEKE under the factoring assumption and the random oracle model.

1

Introduction

Password-authenticated key exchange protocols allow two entities who share a small password to authenticate each other and agree on a large session key between them. Such protocols are attractive for their simplicity and convenience and have received much interest in the research community. A major challenge in designing password-authenticated key exchange protocols is to deal with the so-called exhaustive guessing or off-line dictionary attack, as passwords are generally drawn from a small space enumerable, off-line, by an adversary. In 1992, Bellovin and Merritt [3] presented a family of protocols, known as Encrypted Key exchange (EKE), which was shown to be secure against off-line dictionary attack. Following EKE, a number of protocols for password-based authentication and key exchange have been proposed; a comprehensive list of such protocols can be found in Jablon’s research link [6]. Over the last decade, many researchers have investigated the feasibility of implementing EKE using different types of public-key cryptosystems such as RSA, ElGamal, and Diffie-Hellman key exchange. Nonetheless, most of the well-known and secure variants of EKE K. Srinathan, C. Pandu Rangan, M. Yung (Eds.): Indocrypt 2007, LNCS 4859, pp. 312–321, 2007. c Springer-Verlag Berlin Heidelberg 2007 

Computationally-Efficient Password Authenticated Key Exchange

313

are based on Diffie-Hellman key exchange. It seems that EKE works well with Diffie-Hellman key exchange, but presents subtleties one way or the other when implemented with RSA and other public-key cryptographic systems. In their original paper [3], Bellovin and Merritt pointed out that the RSA-based EKE variant is subject to a special type of dictionary attack, called residue attack. In 1997, Lucks [7] proposed an RSA-based password-authenticated key exchange protocol (called OKE) which was claimed to be secure against residue attacks. Later, Mackenzie et al. [8] found that the OKE protocol is still subject to residue attacks. In [8], Mackenzie et al. proposed an RSA-based EKE variant (called SNAPI) an

Recommend Documents

Fuzzy Asymmetric Password-Authenticated Key Exchange

174 39 24MB

An Efficient Password-Only Two-Server Authenticated Key Exchange System

175 23 486KB

Separating Symmetric and Asymmetric Password-Authenticated Key Exchange

228 52 16MB

A three-party password-based authenticated key exchange protocol with user anonymity using extended chaotic maps

166 59 430KB

Password-Based Tripartite Key Exchange Protocol with Forward Secrecy

166 52 26MB

Making Password Authenticated Key Exchange Suitable for Resource-Constrained Industrial Control Devices

190 6 370KB

Password-authenticated searchable encryption

195 69 1012KB

Beyond Secret Handshakes: Affiliation-Hiding Authenticated Key Exchange

160 85 9MB

Practical Threshold Password-Authenticated Secret Sharing Protocol

174 85 434KB

Quadratic Residues and Non-Residues Selected Topics

198 40 3MB

Efficient Two-Party Password-Based Key Exchange Protocols in the UC Framework

161 13 667KB

Round-Optimal Password-Based Group Key Exchange Protocols in the Standard Model

162 114 504KB