Multi Server Password Authenticated Key Exchange Using Attribute-Based Encryption

Password authenticated key exchange (PAKE) is a protocol in which a client stores its password with a server, authenticates itself using that password, and shares a session key with the server. In multi-server PAKE, a client splits its password and stores the parts on several servers separately. Unless all the servers are compromised, the client's password will not be disclosed in the multi-server setting. In attribute-based encryption (ABE), a sender encrypts a message M using a set of attributes and a receiver then decrypts it using the same set of attributes. In this paper, we introduce a multi-server PAKE protocol that uses a set of ABE attributes as a client's password. In the protocol, the client and servers do not need to create additional public/private key pairs because the password is used as a set of public keys. Also, the client and the servers exchange only one round-trip message per server. The protocol is secure against dictionary attacks. We prove that our system is secure in a proposed threat model. Finally, we show feasibility by evaluating the execution time of the protocol.
