A Secure Authenticated Key Exchange Protocol for Credential Services

In this paper, we propose a leakage-resilient and proactive authenticated key exchange protocol (called LRP-AKE) for credential services, which provides not only a higher level of security against leakage of stored secrets but also secrecy of the private key with respect to the server involved. We also show that the LRP-AKE protocol is provably secure in the random oracle model, with a reduction to the computational Diffie-Hellman problem. In addition, we discuss some possible applications of the LRP-AKE protocol.
