Password Authenticated Key Exchange for Resource-Constrained Wireless Communications (Extended Abstract)

With the advancement of wireless technology and the increasing demand for resource-constrained mobile devices, secure and efficient password authenticated key exchange (PAKE) protocols are needed for various kinds of secure communications among low-power wireless devices. In this paper, we introduce an elliptic curve based password-keyed permutation family and use it to construct a PAKE in such a way that it is suitable for efficient implementation on low-power devices. The computation time on each side of our PAKE is estimated to be about 3.4 seconds and can be reduced to 1.5 seconds with precomputation on an embedded device with a low-end 16MHz DragonBall-EZ microprocessor. On its security, we show that the password-keyed permutation family is secure against offline dictionary attack under the assumption that the elliptic curve computational Diffie-Hellman problem is intractable. Index Terms: Authentication Protocol, Key Exchange, Wireless Communications.

[1]  Felix Schlenk,et al.  Proof of Theorem 2 , 2005 .

[2]  Christof Paar,et al.  Elliptic Curve Cryptography on a Palm OS Device , 2001, ACISP.

[3]  Tatsuaki Okamoto,et al.  Advances in Cryptology — ASIACRYPT 2000 , 2000, Lecture Notes in Computer Science.

[4]  Sarvar Patel,et al.  Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman , 2000, EUROCRYPT.

[5]  David P. Jablon Extended password key exchange protocols immune to dictionary attack , 1997, Proceedings of IEEE 6th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises.

[6]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[7]  Feng Zhu,et al.  More Efficient Password Authenticated Key Exchange Based on RSA , 2003, INDOCRYPT.

[8]  Philip MacKenzie,et al.  On the Security of the SPEKE Password-Authenticated Key Exchange Protocol , 2001, IACR Cryptol. ePrint Arch..

[9]  Bart Preneel,et al.  Advances in cryptology - EUROCRYPT 2000 : International Conference on the Theory and Application of Cryptographic Techniques, Bruges, Belgium, May 14-18, 2000 : proceedings , 2000 .

[10]  David P. Jablon Strong password-only authenticated key exchange , 1996, CCRV.

[11]  Thomas D. Wu The Secure Remote Password Protocol , 1998, NDSS.

[12]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[13]  Rafail Ostrovsky,et al.  Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords , 2001, EUROCRYPT.

[14]  Kazukuni Kobara,et al.  Pretty-Simple Password-Authenticated Key-Exchange Under Standard Assumptions , 2003, IACR Cryptol. ePrint Arch..

[15]  Philip D. MacKenzie,et al.  More Efficient Password-Authenticated Key Exchange , 2001, CT-RSA.

[16]  Steven M. Bellovin,et al.  Encrypted key exchange: password-based protocols secure against dictionary attacks , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[17]  Thomas Johansson,et al.  Progress in Cryptology - INDOCRYPT 2003 , 2003, Lecture Notes in Computer Science.

[18]  David Naccache,et al.  Topics in Cryptology — CT-RSA 2001 , 2001, Lecture Notes in Computer Science.

[19]  Alfred Menezes,et al.  Elliptic curve public key cryptosystems , 1993, The Kluwer international series in engineering and computer science.

[20]  Jerome H. Saltzer,et al.  Protecting Poorly Chosen Secrets from Guessing Attacks , 1993, IEEE J. Sel. Areas Commun..

[21]  Ueli Maurer,et al.  The Diffie–Hellman Protocol , 2000, Des. Codes Cryptogr..

[22]  Muxiang Zhang Analysis of the SPEKE password-authenticated key exchange protocol , 2004, IEEE Commun. Lett..

[23]  Information Security and Privacy , 1996, Lecture Notes in Computer Science.

[24]  N. Koblitz A Course in Number Theory and Cryptography , 1987 .

[25]  Taekyoung Kwon,et al.  Ultimate solution to authentication via memorable password , 2000 .

[26]  Mihir Bellare,et al.  Authenticated Key Exchange Secure against Dictionary Attacks , 2000, EUROCRYPT.

[27]  Taekyoung Kwon,et al.  Ultimate Solution to Authentication via Memorable Password -contribution to the Ieee P1363 Study Group for Future Pkc Standards , 2000 .