Skip to main content
SpringerLink
Log in

Practical Password-Based Authenticated Key Exchange Protocol

  • Conference paper
Computational Intelligence and Security (CIS 2006)

Part of the book series: Lecture Notes in Computer Science ((LNAI,volume 4456))

Included in the following conference series:

Abstract

Due to the low entropy of human-memorable passwords, it is not easy to conduct password authenticated key agreement in a secure manner. Though there are many protocols achieving this goal, they may require a large amount of computation especially in the augmented model which is contrived to resist server compromise. In this paper, we propose a simple and efficient password authenticated key exchange protocol, which is in the augmented model. It is considered much more from the practical perspective. Moreover, the scheme is provably forward secure under the Diffie-Hellman intractability assumptions in the random-oracle model.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 129.00
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Lomas, M., Gong, L., Saltzer, J., Needham, R.: Reducing risks from poorly chosen keys. In: ACM Symposium on Operating System Principles, pp. 14–18 (1989)

    Google Scholar 

  2. Bellovin, S.M., Merritt, M.: Encrypted Key Exchange: Password-Based Protocols Secure against Dictionary Attacks. In: Proc. of the Symposium on Security and Privacy, pp. 72–84. IEEE, New York (1992)

    Google Scholar 

  3. Bellovin, S.M., Merritt, M.: Augmented Encrypted Key Exchange: A Password-Based Protocol Secure against Dictionary Attacks and Password File Compromise. In: Proc. of the 1st CCS, pp. 244–250. ACM Press, New York (1993)

    Google Scholar 

  4. Gong, L.: Optimal authentication protocols resistant to password guessing attacks. In: 8th IEEE Computer Security Foundations Workshop, pp. 24–29 (1995)

    Google Scholar 

  5. Jablon, D.: Strong password-only authentication key exchange. ACM Computer Communication Review, ACM SIGCOMM 26(5), 5–20 (1996)

    Article  Google Scholar 

  6. Jablon, D.: Extended password key exchange protocols immune to dictionary attack. In: WETICE 1997 Workshop on Enterprise Security (1997)

    Google Scholar 

  7. Bellare, M., Rogaway, P.: The AuthA protocol for password-based authenticated key exchange. Contributions to IEEE P1363 (2000)

    Google Scholar 

  8. Kobara, K., Imai, H.: Pretty-simple password-authenticated key-exchange under standard assumptions. IEICE Transactions E85-A(10), pp. 2229–2237. Also (2002), available at http://eprint.iacr.org/2003/038/

  9. MacKenzie, P. D.: The PAK suite: Protocols for password-authenticated key exchange. Contributions to IEEE P1363.2 (2002)

    Google Scholar 

  10. Bresson, E., Chevassut, O., Pointcheval, D.: Security proofs for an efficient password-based key exchange. In: ACM CCS 2003, ACM Press, New York (2003)

    Google Scholar 

  11. Bresson, E., Chevassut, O., Pointcheval, D.: New security results on encrypted key exchange. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 145–158. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  12. Abdalla, M., Pointcheval, D.: Simple Password-Based Encrypted Key Exchange Protocols. In: Menezes, A.J. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 191–208. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  13. Abdalla, M., Chevassut, O., Pointcheval, D.: One-time verifier-based encrypted key exchange. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 47–64. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  14. Patel, S.: Number theoretic attacks on secure password schemes. In: proceedings of IEEE Security and Privacy, pp. 236–247 (1997)

    Google Scholar 

  15. Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  16. Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  17. Abdalla, M., Bellare, M., Rogaway, P.: The oracle Diffie-Hellman assumptions and an analysis of DHIES. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 143–158. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  18. Okamoto, T., Pointcheval, D.: The Gap-Problems: a New Class of Problems for the Security of Cryptographic Schemes. In: Kim, K.-c. (ed.) PKC 2001. LNCS, vol. 1992, Springer, Heidelberg (2001)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Networks Engineering, Zhengzhou Information Engineering Institute, Zhengzhou 450002, China

    Shuhua Wu & Yuefei Zhu

Authors
  1. Shuhua Wu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yuefei Zhu
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. School of Computer Science and Technology , Xidian University, 710071, Xi’an, China

    Yuping Wang

  2. Department of Computer Science , Hong Kong Baptist University, Hong Kong, China

    Yiu-ming Cheung

  3. Faculty of Applied Mathematics , Guangdong University of Technology, 5100006, Guangzhou, China

    Hailin Liu

Rights and permissions

Reprints and permissions

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Wu, S., Zhu, Y. (2007). Practical Password-Based Authenticated Key Exchange Protocol. In: Wang, Y., Cheung, Ym., Liu, H. (eds) Computational Intelligence and Security. CIS 2006. Lecture Notes in Computer Science(), vol 4456. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74377-4_55

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-74377-4_55

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-74376-7

  • Online ISBN: 978-3-540-74377-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation