One-round protocol for two-party verifier-based password-authenticated key exchange

Jeong Ok Kwon; Kouichi Sakurai; Dong Hoon Lee

doi:10.1007/11909033_8

One-round protocol for two-party verifier-based password-authenticated key exchange

Jeong Ok Kwon^*, Kouichi Sakurai, Dong Hoon Lee

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

5 Citations (Scopus)

Abstract

Password-authenticated key exchange (PAKE) for two-party allows a client and a server communicating over a public network to share a session key using a human-memorable password only. PAKE protocols can be served as basic building blocks for constructing secure, complex, and higher-level protocols which were initially built upon the Transport Layer Security (TLS) protocol. In this paper, we propose a provably-secure verifier-based PAKE protocol well suited with the TLS protocol which requires only a single round. The protocol is secure against attacks using compromised server's password file and known-key attacks, and provides forward secrecy, which is analyzed in the ideal hash model. This scheme matches the most efficient verifier-based PAKE protocol among those found in the literature. It is the first provably-secure one-round protocol for verifier-based PAKE in the two-party setting.

Original language	English
Title of host publication	Communications and Multimedia Security - 10th IFIP TC-6 TC-11 International Conference, CMS 2006, Proceedings
Editors	Herbert Leitold, Evangelos Markatos
Publisher	Springer Verlag
Pages	87-96
Number of pages	10
ISBN (Print)	3540478205, 9783540478201
DOIs	https://doi.org/10.1007/11909033_8
Publication status	Published - 2006
Event	10th IFIP TC-6 TC-11 International Conference on Communications and Multimedia Security, CMS 2006 - Heraklion, Crete, Greece Duration: 2006 Oct 19 → 2006 Oct 21

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	4237 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	10th IFIP TC-6 TC-11 International Conference on Communications and Multimedia Security, CMS 2006
Country/Territory	Greece
City	Heraklion, Crete
Period	06/10/19 → 06/10/21

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

Access to Document

10.1007/11909033_8

Cite this

Kwon, J. O., Sakurai, K., & Lee, D. H. (2006). One-round protocol for two-party verifier-based password-authenticated key exchange. In H. Leitold, & E. Markatos (Eds.), Communications and Multimedia Security - 10th IFIP TC-6 TC-11 International Conference, CMS 2006, Proceedings (pp. 87-96). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4237 LNCS). Springer Verlag. https://doi.org/10.1007/11909033_8

One-round protocol for two-party verifier-based password-authenticated key exchange. / Kwon, Jeong Ok; Sakurai, Kouichi; Lee, Dong Hoon.
Communications and Multimedia Security - 10th IFIP TC-6 TC-11 International Conference, CMS 2006, Proceedings. ed. / Herbert Leitold; Evangelos Markatos. Springer Verlag, 2006. p. 87-96 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4237 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Kwon, JO, Sakurai, K & Lee, DH 2006, One-round protocol for two-party verifier-based password-authenticated key exchange. in H Leitold & E Markatos (eds), Communications and Multimedia Security - 10th IFIP TC-6 TC-11 International Conference, CMS 2006, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 4237 LNCS, Springer Verlag, pp. 87-96, 10th IFIP TC-6 TC-11 International Conference on Communications and Multimedia Security, CMS 2006, Heraklion, Crete, Greece, 06/10/19. https://doi.org/10.1007/11909033_8

Kwon JO, Sakurai K, Lee DH. One-round protocol for two-party verifier-based password-authenticated key exchange. In Leitold H, Markatos E, editors, Communications and Multimedia Security - 10th IFIP TC-6 TC-11 International Conference, CMS 2006, Proceedings. Springer Verlag. 2006. p. 87-96. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/11909033_8

Kwon, Jeong Ok ; Sakurai, Kouichi ; Lee, Dong Hoon. / One-round protocol for two-party verifier-based password-authenticated key exchange. Communications and Multimedia Security - 10th IFIP TC-6 TC-11 International Conference, CMS 2006, Proceedings. editor / Herbert Leitold ; Evangelos Markatos. Springer Verlag, 2006. pp. 87-96 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{d431480643a34c0994b00351daa9a481,

title = "One-round protocol for two-party verifier-based password-authenticated key exchange",

abstract = "Password-authenticated key exchange (PAKE) for two-party allows a client and a server communicating over a public network to share a session key using a human-memorable password only. PAKE protocols can be served as basic building blocks for constructing secure, complex, and higher-level protocols which were initially built upon the Transport Layer Security (TLS) protocol. In this paper, we propose a provably-secure verifier-based PAKE protocol well suited with the TLS protocol which requires only a single round. The protocol is secure against attacks using compromised server's password file and known-key attacks, and provides forward secrecy, which is analyzed in the ideal hash model. This scheme matches the most efficient verifier-based PAKE protocol among those found in the literature. It is the first provably-secure one-round protocol for verifier-based PAKE in the two-party setting.",

author = "Kwon, \{Jeong Ok\} and Kouichi Sakurai and Lee, \{Dong Hoon\}",

note = "Copyright: Copyright 2020 Elsevier B.V., All rights reserved.; 10th IFIP TC-6 TC-11 International Conference on Communications and Multimedia Security, CMS 2006 ; Conference date: 19-10-2006 Through 21-10-2006",

year = "2006",

doi = "10.1007/11909033\_8",

language = "English",

isbn = "3540478205",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "87--96",

editor = "Herbert Leitold and Evangelos Markatos",

booktitle = "Communications and Multimedia Security - 10th IFIP TC-6 TC-11 International Conference, CMS 2006, Proceedings",

}

TY - GEN

T1 - One-round protocol for two-party verifier-based password-authenticated key exchange

AU - Kwon, Jeong Ok

AU - Sakurai, Kouichi

AU - Lee, Dong Hoon

PY - 2006

Y1 - 2006

N2 - Password-authenticated key exchange (PAKE) for two-party allows a client and a server communicating over a public network to share a session key using a human-memorable password only. PAKE protocols can be served as basic building blocks for constructing secure, complex, and higher-level protocols which were initially built upon the Transport Layer Security (TLS) protocol. In this paper, we propose a provably-secure verifier-based PAKE protocol well suited with the TLS protocol which requires only a single round. The protocol is secure against attacks using compromised server's password file and known-key attacks, and provides forward secrecy, which is analyzed in the ideal hash model. This scheme matches the most efficient verifier-based PAKE protocol among those found in the literature. It is the first provably-secure one-round protocol for verifier-based PAKE in the two-party setting.

AB - Password-authenticated key exchange (PAKE) for two-party allows a client and a server communicating over a public network to share a session key using a human-memorable password only. PAKE protocols can be served as basic building blocks for constructing secure, complex, and higher-level protocols which were initially built upon the Transport Layer Security (TLS) protocol. In this paper, we propose a provably-secure verifier-based PAKE protocol well suited with the TLS protocol which requires only a single round. The protocol is secure against attacks using compromised server's password file and known-key attacks, and provides forward secrecy, which is analyzed in the ideal hash model. This scheme matches the most efficient verifier-based PAKE protocol among those found in the literature. It is the first provably-secure one-round protocol for verifier-based PAKE in the two-party setting.

UR - https://www.scopus.com/pages/publications/33845220514

U2 - 10.1007/11909033_8

DO - 10.1007/11909033_8

M3 - Conference contribution

AN - SCOPUS:33845220514

SN - 3540478205

SN - 9783540478201

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 87

EP - 96

BT - Communications and Multimedia Security - 10th IFIP TC-6 TC-11 International Conference, CMS 2006, Proceedings

A2 - Leitold, Herbert

A2 - Markatos, Evangelos

PB - Springer Verlag

T2 - 10th IFIP TC-6 TC-11 International Conference on Communications and Multimedia Security, CMS 2006

Y2 - 19 October 2006 through 21 October 2006

ER -

One-round protocol for two-party verifier-based password-authenticated key exchange

Abstract

Publication series

Other

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this