Provably Leakage-Resilient Password-Based Authenticated Key Exchange in the Standard Model

The password-based authenticated key exchange (PAKE) protocol is one of the most practical cryptographic primitives for trusted computing. It is used to securely authenticate devices' identities and generate shared session keys among devices in insecure environments using a short, human-memorable password. With the fast development of the Internet of Things (IoT), new challenges regarding PAKE have emerged. Traditional PAKE protocols are completely insecure in IoT environments, since there are many kinds of side-channel attacks. Therefore, it is very important to model and design leakage-resilient (LR) PAKE protocols. However, there has been no prior work on modeling and constructing LR PAKE protocols. In this paper, we first formalize an LR eCK security model for PAKE based on the eCK-secure PAKE model and the only-computation-leakage model. Then, we propose the first LR PAKE protocol by appropriately combining Diffie-Hellman key exchange, LR storage (LRS) and LR refreshing of LRS, and formally present a security proof in the standard model.
