论文信息 - Three-party encrypted key exchange without server public-keys

Three-party encrypted key exchange without server public-keys

Three-party key-exchange protocols with password authentication-clients share an easy-to-remember password with a trusted server only-are very suitable for applications requiring secure communications between many light-weight clients (end users); it is simply impractical that every two clients share a common secret. Steiner, Tsudik and Waidner (1995) proposed a realization of such a three-party protocol based on the encrypted key exchange (EKE) protocols. However, their protocol was later demonstrated to be vulnerable to off-line and undetectable on-line guessing attacks. Lin, Sun and Hwang (see ACM Operating Syst. Rev., vol.34, no. 4, p.12-20, 2000) proposed a secure three-party protocol with server public-keys. However, the approach of using server public-keys is not always a satisfactory solution and is impractical for some environments. We propose a secure three-party EKE protocol without server public-keys.

Hung-Min Sun | Chun-Li Lin | Tzonelih Hwang | Michael Steiner

[1] Theodore Y. Ts'o,et al. Kerberos: an authentication service for computer networks , 1994, IEEE Communications Magazine.

[2] Patrick Horster,et al. Undetectable on-line password guessing attacks , 1995, OPSR.

[3] Ronald Cramer,et al. A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack , 1998, CRYPTO.

[4] Steven M. Bellovin,et al. Encrypted key exchange: password-based protocols secure against dictionary attacks , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[5] Ken Thompson,et al. Password security: a case history , 1979, CACM.

[6] Michael Waidner,et al. Secure password-based cipher suite for TLS , 2001, NDSS.

[7] Gene Tsudik,et al. KryptoKnight Authentication and Key Distribution System , 1992, ESORICS.

[8] Gene Tsudik,et al. Refinement and extension of encrypted key exchange , 1995, OPSR.

[9] Hung-Min Sun,et al. Three-party encrypted key exchange: attacks and a solution , 2000, OPSR.