Secure Password-Based Authenticated Group Key Agreement for Data-Sharing Peer-to-Peer Networks

We explore authenticated group key agreement in data-sharing Peer-to-Peer networks. We first propose a novel password-based authenticated group key agreement protocol with key confirmation. We present a formal statement of its security in a variant of the Bresson et al. security model adapted for the password-based setting. A discussion of the limitations of our protocol in the case where the group size becomes large is then presented. We conclude the paper with an enhanced version of the protocol, using a CAPTCHA technique, designed to make it more robust against online password guessing attacks.

[1]  Qiang Tang,et al.  Weaknesses in two group Diffie-Hellman key exchange protocols , 2005, IACR Cryptol. ePrint Arch..

[2]  Dong Hoon Lee,et al.  N-Party Encrypted Diffie-Hellman Key Exchange Using Different Passwords , 2005, ACNS.

[3]  Yvo Desmedt,et al.  A Secure and Efficient Conference Key Distribution System (Extended Abstract) , 1994, EUROCRYPT.

[4]  Mihir Bellare,et al.  Transitive Signatures Based on Factoring and RSA , 2002, ASIACRYPT.

[5]  Emmanuel Bresson,et al.  Password-Based Group Key Exchange in a Constant Number of Rounds , 2006, Public Key Cryptography.

[6]  Emmanuel Bresson,et al.  Provably authenticated group Diffie-Hellman key exchange , 2001, CCS '01.

[7]  Dong Hoon Lee,et al.  Efficient Password-Based Group Key Exchange , 2004, TrustBus.

[8]  Jerome H. Saltzer,et al.  Reducing risks from poorly chosen keys , 1989, SOSP '89.

[9]  Hector Garcia-Molina,et al.  Open Problems in Data-Sharing Peer-to-Peer Systems , 2003, ICDT.

[10]  Benny Pinkas,et al.  Securing passwords against dictionary attacks , 2002, CCS '02.

[11]  Ari Juels,et al.  Client puzzles: A cryptographic defense against connection depletion , 1999 .

[12]  John Langford,et al.  CAPTCHA: Using Hard AI Problems for Security , 2003, EUROCRYPT.

[13]  Emmanuel Bresson,et al.  Group Diffie-Hellman Key Exchange Secure against Dictionary Attacks , 2002, ASIACRYPT.

[14]  Daniel R. Simon,et al.  Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack , 1991, CRYPTO.

[15]  Ratna Dutta,et al.  Password-based Encrypted Group Key Agreement , 2006, Int. J. Netw. Secur..