Secure verifier-based three-party password-authenticated key exchange

In order to secure large-scale peer-to-peer communication system, Chien recently presented a three-party password authenticated key exchange protocol using verifiers to reduce the damages of server corruption. In this paper, we first show his protocol is still vulnerable to a partition attack (offline dictionary attack). Thereafter we propose an enhanced verifier-based protocol that can defeat the attacks described and yet is reasonably efficient. Furthermore, we can provide the rigorous proof of the security for it.

[1]  Mihir Bellare,et al.  Authenticated Key Exchange Secure against Dictionary Attacks , 2000, EUROCRYPT.

[2]  Hung-Yu Chien Secure Verifier-Based Three-Party Key Exchange in the Random Oracle Model , 2011, J. Inf. Sci. Eng..

[3]  Kazukuni Kobara,et al.  Pretty-Simple Password-Authenticated Key-Exchange Under Standard Assumptions , 2003, IACR Cryptol. ePrint Arch..

[4]  Olivier Chevassut,et al.  One-Time Verifier-Based Encrypted Key Exchange , 2005, Public Key Cryptography.

[5]  Kefei Chen,et al.  Enhancements of a three-party password-based authenticated key exchange protocol , 2013, Int. Arab J. Inf. Technol..

[6]  Dong Hoon Lee,et al.  Efficient verifier-based password-authenticated key exchange in the three-party setting , 2007, Comput. Stand. Interfaces.

[7]  Tzonelih Hwang,et al.  Simple password-based three-party authenticated key exchange without server public keys , 2010, Inf. Sci..

[8]  Colin Boyd,et al.  Examining Indistinguishability-Based Proof Models for Key Establishment Protocols , 2005, ASIACRYPT.

[9]  David Pointcheval,et al.  Password-Based Authenticated Key Exchange in the Three-Party Setting , 2005, Public Key Cryptography.

[10]  Emmanuel Bresson,et al.  New Security Results on Encrypted Key Exchange , 2003, Public Key Cryptography.

[11]  Chun-Li Lin,et al.  Enhanced three-party encrypted key exchange without server public keys , 2004, Comput. Secur..

[12]  Steven M. Bellovin,et al.  Encrypted key exchange: password-based protocols secure against dictionary attacks , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[13]  Eun-Jun Yoon,et al.  Cryptanalysis of a simple three-party password-based key exchange protocol , 2011, Int. J. Commun. Syst..

[14]  Kee-Young Yoo,et al.  Efficient verifier-based key agreement protocol for three parties without server's public key , 2005, Appl. Math. Comput..

[15]  Bodo Möller,et al.  Provably secure password-based authentication in TLS , 2005, ASIACCS '06.

[16]  Tzonelih Hwang,et al.  On 'a simple three-party password-based key exchange protocol' , 2011, Int. J. Commun. Syst..

[17]  Hung-Min Sun,et al.  Three-party encrypted key exchange without server public-keys , 2001, IEEE Communications Letters.

[18]  David Pointcheval,et al.  Interactive Diffie-Hellman Assumptions with Applications to Password-Based Authentication , 2005, Financial Cryptography.

[19]  Zhenfu Cao,et al.  Simple three-party key exchange protocol , 2007, Comput. Secur..

[20]  Colin Boyd,et al.  Elliptic Curve Based Password Authenticated Key Exchange Protocols , 2001, ACISP.

[21]  David Pointcheval,et al.  Simple Password-Based Encrypted Key Exchange Protocols , 2005, CT-RSA.

[22]  Hung-Yu Chien,et al.  Provably Secure Password-Based Three-Party Key Exchange With Optimal Message Steps , 2009, Comput. J..