A provably secure smart card-based authenticated group key exchange protocol

A password-based authenticated group key exchange protocol assists group participants who possess low-entropy, human-memorable passwords in establishing a secure communication channel. In this type of scheme, the server needs to store the users' verifiers in a database. Therefore, it is susceptible to stolen-verifier attacks. In this paper, we propose a new authenticated group key protocol that eliminates the need of verifier database at the server side. Our protocol is based on a two-factor authentication that employs both smart card and password. Copyright © 2014 John Wiley & Sons, Ltd.

[1]  Emmanuel Bresson,et al.  Password-Based Group Key Exchange in a Constant Number of Rounds , 2006, Public Key Cryptography.

[2]  Dong Hoon Lee,et al.  Efficient Password-Based Group Key Exchange , 2004, TrustBus.

[3]  Yehuda Lindell,et al.  A framework for password-based authenticated key exchange1 , 2006, TSEC.

[4]  Mihir Bellare,et al.  Entity Authentication and Key Distribution , 1993, CRYPTO.

[5]  Chin-Chen Chang,et al.  A novel three-party encrypted key exchange protocol , 2004, Comput. Stand. Interfaces.

[6]  Chien-Ming Chen,et al.  Stolen-Verifier Attack on Two New Strong-Password Authentication Protocols , 2002 .

[7]  Sarvar Patel,et al.  Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman , 2000, EUROCRYPT.

[8]  Hugo Krawczyk,et al.  A modular approach to the design and analysis of authentication and key exchange protocols (extended abstract) , 1998, STOC '98.

[9]  Hung-Min Sun,et al.  Attacks and Solutions on Strong-Password Authentication , 2001 .

[10]  Yehuda Lindell,et al.  Session-Key Generation Using Human Passwords Only , 2001, Journal of Cryptology.

[11]  Paul C. van Oorschot,et al.  Authentication and authenticated key exchanges , 1992, Des. Codes Cryptogr..

[12]  Emmanuel Bresson,et al.  Provably authenticated group Diffie-Hellman key exchange , 2001, CCS '01.

[13]  Frederik Armknecht,et al.  A Universally Composable Group Key Exchange Protocol with Minimum Communication Effort , 2008, SCN.

[14]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[15]  Emmanuel Bresson,et al.  Dynamic Group Diffie-Hellman Key Exchange under Standard Assumptions , 2002, EUROCRYPT.

[16]  Hung-Min Sun,et al.  Secure key agreement protocols for three-party against guessing attacks , 2005, J. Syst. Softw..

[17]  Jonathan Katz,et al.  Modeling insider attacks on group key-exchange protocols , 2005, CCS '05.

[18]  Mihir Bellare,et al.  Authenticated Key Exchange Secure against Dictionary Attacks , 2000, EUROCRYPT.

[19]  Steven M. Bellovin,et al.  Augmented encrypted key exchange: a password-based protocol secure against dictionary attacks and password file compromise , 1993, CCS '93.

[20]  Jonathan Katz,et al.  Scalable Protocols for Authenticated Group Key Exchange , 2003, CRYPTO.

[21]  Rosario Gennaro,et al.  Faster and Shorter Password-Authenticated Key Exchange , 2008, TCC.

[22]  Hugo Krawczyk,et al.  Universally Composable Notions of Key Exchange and Secure Channels , 2002, EUROCRYPT.

[23]  Ratna Dutta,et al.  Password-based Encrypted Group Key Agreement , 2006, Int. J. Netw. Secur..

[24]  Frederik Armknecht,et al.  On the Minimum Communication Effort for Secure Group Key Exchange , 2010, Selected Areas in Cryptography.

[25]  Emmanuel Bresson,et al.  Group Die-Hellman Key Exchange Secure Against Dictionary Attacks (Extended abstract) , 2002 .

[26]  Victor Shoup,et al.  On Formal Models for Secure Key Exchange , 1999, IACR Cryptol. ePrint Arch..

[27]  Colin Boyd,et al.  Universally composable contributory group key exchange , 2009, ASIACCS '09.

[28]  Steven M. Bellovin,et al.  Encrypted key exchange: password-based protocols secure against dictionary attacks , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[29]  Chun-Li Lin,et al.  Enhanced three-party encrypted key exchange without server public keys , 2004, Comput. Secur..

[30]  David Pointcheval,et al.  Password-Based Authenticated Key Exchange in the Three-Party Setting , 2005, Public Key Cryptography.

[31]  Hugo Krawczyk,et al.  Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels , 2001, EUROCRYPT.