More Efficient Password Authenticated Key Exchange Based on RSA

In [17], Zhu, et al. proposed a RSA-based password authenticated key exchange scheme which supports short RSA public exponents. The scheme is the most efficient one among all the RSA-based schemes currently proposed when implemented on low-power asymmetric wireless networks. We observe that its performance can further be improved by proposing two modifications. The first modification shortens the size of the message sent from the server to the client. The second modification dramatically reduces the size of the message sent from the client to the server and therefore can be used to reduce the power consumption of the client for wireless communications in a significant way. We also generalize our modified schemes and formalize the security requirements of all underlying primitives that the generic scheme is constituted. A new primitive called password-keyed permutation family is introduced. We show that the security of our password-keyed permutation family is computationally equivalent to the RSA Problem in the random oracle model.

[1]  Feng Bao,et al.  Security Analysis of a Password Authenticated Key Exchange Protocol , 2003, ISC.

[2]  Stefan Lucks,et al.  Open Key Exchange: How to Defeat Dictionary Attacks Without Encrypting Public Keys , 1997, Security Protocols Workshop.

[3]  Thomas D. Wu The Secure Remote Password Protocol , 1998, NDSS.

[4]  David P. Jablon Extended password key exchange protocols immune to dictionary attack , 1997, Proceedings of IEEE 6th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises.

[5]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[6]  David P. Jablon Strong password-only authenticated key exchange , 1996, CCRV.

[7]  Jerome H. Saltzer,et al.  Protecting Poorly Chosen Secrets from Guessing Attacks , 1993, IEEE J. Sel. Areas Commun..

[8]  Yehuda Lindell,et al.  A Framework for Password-Based Authenticated Key Exchange , 2003, EUROCRYPT.

[9]  Steven M. Bellovin,et al.  Encrypted key exchange: password-based protocols secure against dictionary attacks , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[10]  Paul C. van Oorschot,et al.  Authentication and authenticated key exchanges , 1992, Des. Codes Cryptogr..

[11]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[12]  Rafail Ostrovsky,et al.  Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords , 2001, EUROCRYPT.

[13]  Feng Zhu,et al.  Password Authenticated Key Exchange Based on RSA for Imbalanced Wireless Networks , 2002, ISC.

[14]  Duncan S. Wong,et al.  The performance measurement of cryptographic primitives on palm devices , 2001, Seventeenth Annual Computer Security Applications Conference.

[15]  Sarvar Patel,et al.  Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman , 2000, EUROCRYPT.