Efficient and Leakage-Resilient Authenticated Key Transport Protocol Based on RSA

Let us consider the following situation: (1) a client, who communicates with a variety of servers, remembers only one password and has insecure devices with very-restricted computing power and built-in memory capacity; (2) the counterpart servers have enormous computing power, but they are not perfectly secure; (3) neither PKI (Public Key Infrastructures) nor TRM (Tamper-Resistant Modules) is available. Our main goal of this paper is to provide its security against the leakage of stored secrets as well as to attain high efficiency on client's side. For those, we propose an efficient and leakage-resilient RSA-based Authenticated Key Establishment (RSA-AKE) protocol suitable for the above situation whose authenticity is based on password and an additional stored secret. The RSA-AKE protocol is provably secure in the random oracle model where an adversary is given the stored secret of client and the RSA private key of server. In terms of computation costs, the client is required to compute only one modular exponentiation with an exponent e (e ≥ 3) in the protocol execution. We also show that the RSA-AKE protocol has several security properties and efficiency over the previous ones of their kinds.

[1]  Muxiang Zhang New Approaches to Password Authenticated Key Exchange Based on RSA , 2004, ASIACRYPT.

[2]  Hugo Krawczyk,et al.  Public-key cryptography and password protocols , 1999 .

[3]  Ueli Maurer,et al.  Advances in Cryptology — EUROCRYPT ’96 , 2001, Lecture Notes in Computer Science.

[4]  Bart Preneel,et al.  Advances in cryptology - EUROCRYPT 2000 : International Conference on the Theory and Application of Cryptographic Techniques, Bruges, Belgium, May 14-18, 2000 : proceedings , 2000 .

[5]  Victor Shoup,et al.  OAEP Reconsidered , 2001, CRYPTO.

[6]  Mihir Bellare,et al.  Entity Authentication and Key Distribution , 1993, CRYPTO.

[7]  Mihir Bellare,et al.  The Exact Security of Digital Signatures - HOw to Sign with RSA and Rabin , 1996, EUROCRYPT.

[8]  Colin Boyd,et al.  Cryptography and Coding , 1995, Lecture Notes in Computer Science.

[9]  Thomas D. Wu A Real-World Analysis of Kerberos Password Security , 1999, NDSS.

[10]  Pil Joong Lee,et al.  Advances in Cryptology — ASIACRYPT 2001 , 2001, Lecture Notes in Computer Science.

[11]  Qiang Tang,et al.  Weaknesses in a leakage-resilient authenticated key transport protocol , 2005, IACR Cryptol. ePrint Arch..

[12]  Steven M. Bellovin,et al.  Encrypted key exchange: password-based protocols secure against dictionary attacks , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[13]  David Pointcheval,et al.  Trapdoor Hard-to-Invert Group Isomorphisms and Their Application to Password-Based Authentication , 2006, Journal of Cryptology.

[14]  Jerome H. Saltzer,et al.  Reducing risks from poorly chosen keys , 1989, SOSP '89.

[15]  Victor Shoup,et al.  On Formal Models for Secure Key Exchange , 1999, IACR Cryptol. ePrint Arch..

[16]  Matthew Franklin,et al.  Advances in Cryptology – CRYPTO 2004 , 2004, Lecture Notes in Computer Science.

[17]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[18]  David Pointcheval,et al.  IPAKE: Isomorphisms for Password-Based Authenticated Key Exchange , 2004, CRYPTO.

[19]  Ran Canetti,et al.  The random oracle methodology, revisited , 2000, JACM.

[20]  Douglas R. Stinson,et al.  Advances in Cryptology — CRYPTO’ 93 , 2001, Lecture Notes in Computer Science.

[21]  Alfred Menezes,et al.  Key Agreement Protocols and Their Security Analysis , 1997, IMACC.

[22]  Rafail Ostrovsky,et al.  Forward Secrecy in Password-Only Key Exchange Protocols , 2002, SCN.

[23]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[24]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[25]  Paul C. van Oorschot,et al.  Authentication and authenticated key exchanges , 1992, Des. Codes Cryptogr..

[26]  Li Gong,et al.  Optimal authentification protocols resistant to password guessing attacks , 1995, Proceedings The Eighth IEEE Computer Security Foundations Workshop.

[27]  Mihir Bellare,et al.  Authenticated Key Exchange Secure against Dictionary Attacks , 2000, EUROCRYPT.

[28]  Tatsuaki Okamoto,et al.  Advances in Cryptology — ASIACRYPT 2000 , 2000, Lecture Notes in Computer Science.