One-round protocol for two-party verifier-based password-authenticated key exchange

Jeong Ok Kwon; Kouichi Sakurai; Dong Hoon Lee

doi:10.1007/11909033_8

One-round protocol for two-party verifier-based password-authenticated key exchange

Jeong Ok Kwon, Kouichi Sakurai, Dong Hoon Lee

Mathematical Informatics

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

5 Citations (Scopus)

Abstract

Password-authenticated key exchange (PAKE) for two-party allows a client and a server communicating over a public network to share a session key using a human-memorable password only. PAKE protocols can be served as basic building blocks for constructing secure, complex, and higher-level protocols which were initially built upon the Transport Layer Security (TLS) protocol. In this paper, we propose a provably-secure verifier-based PAKE protocol well suited with the TLS protocol which requires only a single round. The protocol is secure against attacks using compromised server's password file and known-key attacks, and provides forward secrecy, which is analyzed in the ideal hash model. This scheme matches the most efficient verifier-based PAKE protocol among those found in the literature. It is the first provably-secure one-round protocol for verifier-based PAKE in the two-party setting.

Original language	English
Title of host publication	Communications and Multimedia Security - 10th IFIP TC-6 TC-11 International Conference, CMS 2006, Proceedings
Editors	Herbert Leitold, Evangelos Markatos
Publisher	Springer Verlag
Pages	87-96
Number of pages	10
ISBN (Print)	3540478205, 9783540478201
DOIs	https://doi.org/10.1007/11909033_8
Publication status	Published - 2006
Event	10th IFIP TC-6 TC-11 International Conference on Communications and Multimedia Security, CMS 2006 - Heraklion, Crete, Greece Duration: Oct 19 2006 → Oct 21 2006

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	4237 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	10th IFIP TC-6 TC-11 International Conference on Communications and Multimedia Security, CMS 2006
Country/Territory	Greece
City	Heraklion, Crete
Period	10/19/06 → 10/21/06

All Science Journal Classification (ASJC) codes

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/11909033_8

Cite this

Kwon, J. O., Sakurai, K., & Lee, D. H. (2006). One-round protocol for two-party verifier-based password-authenticated key exchange. In H. Leitold, & E. Markatos (Eds.), Communications and Multimedia Security - 10th IFIP TC-6 TC-11 International Conference, CMS 2006, Proceedings (pp. 87-96). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4237 LNCS). Springer Verlag. https://doi.org/10.1007/11909033_8

One-round protocol for two-party verifier-based password-authenticated key exchange. / Kwon, Jeong Ok; Sakurai, Kouichi; Lee, Dong Hoon.
Communications and Multimedia Security - 10th IFIP TC-6 TC-11 International Conference, CMS 2006, Proceedings. ed. / Herbert Leitold; Evangelos Markatos. Springer Verlag, 2006. p. 87-96 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4237 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Kwon, JO, Sakurai, K & Lee, DH 2006, One-round protocol for two-party verifier-based password-authenticated key exchange. in H Leitold & E Markatos (eds), Communications and Multimedia Security - 10th IFIP TC-6 TC-11 International Conference, CMS 2006, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 4237 LNCS, Springer Verlag, pp. 87-96, 10th IFIP TC-6 TC-11 International Conference on Communications and Multimedia Security, CMS 2006, Heraklion, Crete, Greece, 10/19/06. https://doi.org/10.1007/11909033_8

Kwon JO, Sakurai K, Lee DH. One-round protocol for two-party verifier-based password-authenticated key exchange. In Leitold H, Markatos E, editors, Communications and Multimedia Security - 10th IFIP TC-6 TC-11 International Conference, CMS 2006, Proceedings. Springer Verlag. 2006. p. 87-96. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/11909033_8

Kwon, Jeong Ok ; Sakurai, Kouichi ; Lee, Dong Hoon. / One-round protocol for two-party verifier-based password-authenticated key exchange. Communications and Multimedia Security - 10th IFIP TC-6 TC-11 International Conference, CMS 2006, Proceedings. editor / Herbert Leitold ; Evangelos Markatos. Springer Verlag, 2006. pp. 87-96 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{a75f241da30b486cad1012cd7d234dac,

title = "One-round protocol for two-party verifier-based password-authenticated key exchange",

abstract = "Password-authenticated key exchange (PAKE) for two-party allows a client and a server communicating over a public network to share a session key using a human-memorable password only. PAKE protocols can be served as basic building blocks for constructing secure, complex, and higher-level protocols which were initially built upon the Transport Layer Security (TLS) protocol. In this paper, we propose a provably-secure verifier-based PAKE protocol well suited with the TLS protocol which requires only a single round. The protocol is secure against attacks using compromised server's password file and known-key attacks, and provides forward secrecy, which is analyzed in the ideal hash model. This scheme matches the most efficient verifier-based PAKE protocol among those found in the literature. It is the first provably-secure one-round protocol for verifier-based PAKE in the two-party setting.",

author = "Kwon, {Jeong Ok} and Kouichi Sakurai and Lee, {Dong Hoon}",

year = "2006",

doi = "10.1007/11909033_8",

language = "English",

isbn = "3540478205",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "87--96",

editor = "Herbert Leitold and Evangelos Markatos",

booktitle = "Communications and Multimedia Security - 10th IFIP TC-6 TC-11 International Conference, CMS 2006, Proceedings",

address = "Germany",

note = "10th IFIP TC-6 TC-11 International Conference on Communications and Multimedia Security, CMS 2006 ; Conference date: 19-10-2006 Through 21-10-2006",

}

TY - GEN

T1 - One-round protocol for two-party verifier-based password-authenticated key exchange

AU - Kwon, Jeong Ok

AU - Sakurai, Kouichi

AU - Lee, Dong Hoon

PY - 2006

Y1 - 2006

N2 - Password-authenticated key exchange (PAKE) for two-party allows a client and a server communicating over a public network to share a session key using a human-memorable password only. PAKE protocols can be served as basic building blocks for constructing secure, complex, and higher-level protocols which were initially built upon the Transport Layer Security (TLS) protocol. In this paper, we propose a provably-secure verifier-based PAKE protocol well suited with the TLS protocol which requires only a single round. The protocol is secure against attacks using compromised server's password file and known-key attacks, and provides forward secrecy, which is analyzed in the ideal hash model. This scheme matches the most efficient verifier-based PAKE protocol among those found in the literature. It is the first provably-secure one-round protocol for verifier-based PAKE in the two-party setting.

AB - Password-authenticated key exchange (PAKE) for two-party allows a client and a server communicating over a public network to share a session key using a human-memorable password only. PAKE protocols can be served as basic building blocks for constructing secure, complex, and higher-level protocols which were initially built upon the Transport Layer Security (TLS) protocol. In this paper, we propose a provably-secure verifier-based PAKE protocol well suited with the TLS protocol which requires only a single round. The protocol is secure against attacks using compromised server's password file and known-key attacks, and provides forward secrecy, which is analyzed in the ideal hash model. This scheme matches the most efficient verifier-based PAKE protocol among those found in the literature. It is the first provably-secure one-round protocol for verifier-based PAKE in the two-party setting.

UR - http://www.scopus.com/inward/record.url?scp=33845220514&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33845220514&partnerID=8YFLogxK

U2 - 10.1007/11909033_8

DO - 10.1007/11909033_8

M3 - Conference contribution

AN - SCOPUS:33845220514

SN - 3540478205

SN - 9783540478201

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 87

EP - 96

BT - Communications and Multimedia Security - 10th IFIP TC-6 TC-11 International Conference, CMS 2006, Proceedings

A2 - Leitold, Herbert

A2 - Markatos, Evangelos

PB - Springer Verlag

T2 - 10th IFIP TC-6 TC-11 International Conference on Communications and Multimedia Security, CMS 2006

Y2 - 19 October 2006 through 21 October 2006

ER -

One-round protocol for two-party verifier-based password-authenticated key exchange

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this