An efficient and practical threshold gateway-oriented password-authenticated key exchange protocol in the standard model

With the assistance of an authentication server, a gateway-oriented password-authenticated key exchange (GPAKE) protocol can establish a common session key shared between a client and a gateway. Unfortunately, a GPAKE protocol becomes totally insecure if an adversary can compromise the authentication server and steal the passwords of the clients. In order to provide resilience against adversaries who can hack into the authentication server, we propose a threshold GPAKE protocol and then present its security proof in the standard model based on the hardness of the decisional Diffie-Hellman (DDH) problem. In our proposal, the password is shared among n authentication servers and is secure unless the adversary corrupts more than t+1 servers. Our protocol requires n > 3t servers to work. Compared with existing threshold PAKE protocols, our protocol maintains both stronger security and greater efficiency.

Highlights: A gateway-oriented password-authenticated key exchange protocol (gateway password protocol for short) can, with the assistance of an authentication server, establish a shared session key between a user and a gateway. However, if an attacker corrupts the authentication server and steals the password information of all users, the security of the gateway password protocol can no longer be guaranteed. To address the serious security threat that hacker intrusions into servers pose to gateway password protocols, we design a threshold gateway password protocol and prove its security in the standard model under the DDH assumption. In our protocol, the password is shared among n servers by secret sharing, and an attacker can obtain a user's password only by corrupting t+1 servers. Compared with existing protocols of the same kind, ours provides both stronger security and higher efficiency.
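The following is an added illustration of the threshold idea stated in the abstract, not the paper's protocol: a password-derived field element is Shamir-shared among n servers so that any t+1 shares reconstruct it, while any t shares are consistent with every candidate password, which is why a compromise of up to t servers gives no offline-guessing advantage. The field modulus, the SHA-256 mapping from password to field element, and the function names are assumptions made for this example; the n > 3t parameter condition is taken from the abstract and merely checked here, since the robustness it buys belongs to the paper's protocol rather than to plain Shamir sharing.

```python
# Added illustration of threshold password sharing (not the paper's protocol).
# A password-derived secret is split with Shamir's scheme: t+1 shares rebuild
# it, t shares are compatible with every password guess.
import hashlib
import secrets

P = (1 << 127) - 1  # field modulus; constructed choice (a Mersenne prime)


def password_to_secret(password: str) -> int:
    """Constructed mapping from a password string to a field element."""
    return int.from_bytes(hashlib.sha256(password.encode()).digest(), "big") % P


def _eval(coeffs, x):
    """Horner evaluation of a polynomial given low-to-high coefficients."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def share_password(password: str, n: int, t: int):
    """Split the password secret into n shares (server index, value) with
    threshold t+1, i.e. a random degree-t polynomial whose constant term is
    the secret.  The abstract's condition n > 3t is only checked here."""
    if not (t >= 1 and n > 3 * t):
        raise ValueError("require t >= 1 and n > 3t")
    coeffs = [password_to_secret(password)] + [secrets.randbelow(P) for _ in range(t)]
    return [(i, _eval(coeffs, i)) for i in range(1, n + 1)]


def interpolate_at(points, x):
    """Lagrange interpolation: the unique polynomial of degree < len(points)
    through `points`, evaluated at x (all arithmetic mod P)."""
    result = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        result = (result + yi * num * pow(den, P - 2, P)) % P
    return result


def reconstruct(shares) -> int:
    """Recover the secret (polynomial value at x = 0) from >= t+1 shares."""
    return interpolate_at(shares, 0)


def implied_share(t_shares, guessed_password: str, server_index: int) -> int:
    """Given only t shares, compute what server `server_index` would have to
    hold if `guessed_password` were correct.  Every guess yields some valid
    value, so t shares alone can neither confirm nor refute a guess; only the
    missing (t+1)-th share separates the right guess from the wrong ones."""
    points = list(t_shares) + [(0, password_to_secret(guessed_password))]
    return interpolate_at(points, server_index)


if __name__ == "__main__":
    shares = share_password("correct horse", n=4, t=1)
    assert reconstruct(shares[:2]) == password_to_secret("correct horse")
    # An attacker with one share: both guesses look equally plausible.
    print(implied_share(shares[:1], "correct horse", 3) == shares[2][1])  # True
    print(implied_share(shares[:1], "wrong guess", 3) == shares[2][1])    # False
```

The last two lines are the defender's point in miniature: with t shares the attacker can compute a consistent "missing share" for any guess, and only the real share held by an uncompromised server distinguishes the correct password, so password confidentiality rests on the threshold rather than on any single server.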
