A variant of password authenticated key exchange protocol

Abstract

Password authenticated key exchange (PAKE) protocols are designed for a pair of users to establish a secret session key over a public and unreliable network. Existing PAKE protocols assume that short passwords are pre-shared between users. This assumption, however, is impractical in certain applications. For instance, in the Internet of Things and Fog computing, billions of devices will be wirelessly connected. In practice, the devices are produced by different factories, and it is not practical to assume that these devices are pre-loaded with passwords when they leave the factories. As a result, existing PAKE protocols cannot be directly employed in these applications. Moreover, prior work has investigated how devices can extract secrets using the wireless fading channel. However, the key extraction rate at the physical layer is slow. Motivated by these observations, this paper presents a variant of the password authenticated key exchange protocol (vPAKE) that does not rely on the password sharing assumption. To obtain the passwords, wireless devices, such as mobile phones, tablets, and laptops, are used to extract short secrets at the physical layer. Using the extracted secrets, users can establish a secret key at higher layers. The performance analysis shows that, compared with other PAKE protocols that are proved secure in the standard model, the communication and computation costs of our protocol are significantly reduced. Additionally, the proposed protocol is proved secure in the standard model.
