• PDF / 683,032 Bytes
• 17 Pages / 430 x 660 pts Page_size
• 13 Downloads / 199 Views

DOWNLOAD

REPORT

cole Normale Supérieure, LIENS-CNRS-INRIA, Paris, France 2 Università di Catania, Italy

Abstract. Most of the existing password-based authenticated key exchange protocols have proofs either in the indistinguishability-based security model of Bellare, Pointcheval, and Rogaway (BPR) or in the simulation-based of Boyko, MacKenzie, and Patel (BMP). Though these models provide a security level that is sufficient for most applications, they fail to consider some realistic scenarios such as participants running the protocol with different but possibly related passwords. To overcome these deficiencies, Canetti et al. proposed a new security model in the universal composability (UC) framework which makes no assumption on the distribution on passwords used by the protocol participants. They also proposed a new protocol, but, unfortunately, the latter is not as efficient as some of the existing protocols in BPR and BMP models. In this paper, we investigate whether some of the existing protocols that were proven secure in BPR and BMP models can also be proven secure in the new UC model and we answer this question in the affirmative. More precisely, we show that the protocol by Bresson, Chevassut, and Pointcheval (BCP) in CCS 2003 is also secure in the new UC model. The proof of security relies in the random-oracle and ideal-cipher models and works even in the presence of adaptive adversaries, capable of corrupting players at any time and learning their internal states.

1

Introduction

Password-based authenticated key exchange (PAKE) protocols allow users to securely establish a common key over an insecure channel only using a low-entropy, human-memorizable, secret key called a password. Since PAKE protocols do not require complex public-key infrastructure (PKI) or trusted hardware capable of storing high-entropy keys, they have become quite popular since being introduced by Bellovin and Merritt [3]. Due to the low entropy of passwords, PAKE protocols are subject to dictionary attacks in which the adversary tries to break the security of the scheme by trying all values for the password in the small set of the possible values (i.e., the dictionary). Unfortunately, these attacks can be quite damaging since the attacker has a non-negligible probability of succeeding. To address this problem, one should invalidate or block the use of a password whenever a certain number of failed attempts occurs. However, this is only effective in the case of online T. Malkin (Ed.): CT-RSA 2008, LNCS 4964, pp. 335–351, 2008. c Springer-Verlag Berlin Heidelberg 2008 

336

M. Abdalla et al.

dictionary attacks in which the adversary must be present and interact with the system in order to be able to verify whether its guess is correct. Thus, the goal of PAKE protocol is restrict the adversary to online dictionary attacks only. In other words, off-line dictionary attacks, in which the adversary verifies if a password guess is correct without interacting with the system, should not be possible in a PAKE protocol. Security Models. Even though the notion of pas

Recommend Documents

An Efficient Password-Only Two-Server Authenticated Key Exchange System

175 23 486KB

Computationally-Efficient Password Authenticated Key Exchange Based on Quadratic Residues

159 56 451KB

Risk Balance in Exchange Protocols

146 48 9MB

Round-Optimal Password-Based Group Key Exchange Protocols in the Standard Model

162 114 504KB

A Simple and Efficient Key Exchange Scheme Against the Smart Card Loss Problem

136 30 481KB

Authentication and Key Establishment Protocols

159 74 7MB

Rational Delegation of Computation Based on Reputation and Contract Theory in the UC Framework

169 91 626KB

Fuzzy Asymmetric Password-Authenticated Key Exchange

174 39 24MB

A Unified Approach to Constructing Black-Box UC Protocols in Trusted Setup Models

142 64 643KB

Protocols for Authentication and Key Establishment

160 43 31MB

Attack on LAC Key Exchange in Misuse Situation

139 0 25MB

Common Biometric Exchange Formats Framework Standardization

164 12 376KB