Abstract
In this paper, we propose a leakage-resilient and proactive authenticated key exchange (called LRP-AKE) protocol for credential services which provides not only a higher level of security against leakage of stored secrets but also secrecy of private key with respect to the involving server. The LRP-AKE protocol is provably secure in the random oracle model with the reduction to the computational Diffie-Hellman problem.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Abdalla, M., Bresson, E., Chevassut, O., Moller, B., Pointcheval, D.: Provably Secure Password-based Authentication in TLS. In: Proc. of AsiaCCS 2006. ACM, New York (2006)
Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., Levkowetx, H.: Extensible Authentication Protocol (EAP). IETF RFC 3748 (June 2004)
Abdalla, M., Pointcheval, D.: Simple Password-Based Encrypted Key Exchange Protocols. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 191–208. Springer, Heidelberg (2005)
Bresson, E., Chevassut, O., Pointcheval, D.: New Security Results on Encrypted Key Exchange. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 145–158. Springer, Heidelberg (2004)
Bellovin, S.M., Merritt, M.: Encrypted Key Exchange: Password-based Protocols Secure against Dictionary Attacks. In: Proc. of IEEE Symposium on Security and Privacy, pp. 72–84 (1992)
Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated Key Exchange Secure against Dictionary Attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)
Bellare, M., Rogaway, P.: Random Oracles are Practical: A Paradigm for Designing Efficient Protocols. In: Proc. of ACM CCS 1993, pp. 62–73 (1993)
Blunk, L., Vollbrecht, J.: PPP Extensible Authentication Protocol (EAP). IETF RFC 2284 (March 1998)
Canetti, R., Goldreich, O., Halevi, S.: The Random Oracle Methodology, Revisited. In: Proc. of the 30th ACM Symposium on Theory of Computing (STOC), pp. 209–218. ACM, New York (1998)
Catalano, D., Pointcheval, D., Pornin, T.: Trapdoor Hard-to-Invert Group Isomorphisms and Their Application to Password-based Authentication. Journal of Cryptology (2006); The extended abstract appeared at CRYPTO 2004
Ford, W., Kaliski, B.S.: Server-Assisted Generation of a Strong Secret from a Password. In: Proc. of the Fifth International Workshop on Enterprise Security. IEEE, Los Alamitos (2000)
Haverinen, H., Salowey, J.: Extensible Authentication Protocol Method for GSM Subscriber Identity Modules (EAP-SIM) (December 2004)
Jablon, D.P.: Password Authentication Using Multiple Servers. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 344–360. Springer, Heidelberg (2001)
Kwon, T.: Virtual Software Tokens - A Practical Way to Secure PKI Roaming. In: Davida, G.I., Frankel, Y., Rees, O. (eds.) InfraSec 2002. LNCS, vol. 2437, pp. 288–302. Springer, Heidelberg (2002)
Ostrovsky, R., Yung, M.: How to Withstand Mobile Virus Attacks. In: Proc. of 10th Annual ACM Symposium on Principles of Distributed Computing (1991)
Patel, S.: Number Theoretic Attacks on Secure Password Schemes. In: Proc. of IEEE Symposium on Security and Privacy, pp. 236–247. IEEE Computer Society, Los Alamitos (1997)
Patel, S.: Analysis of EAP-SIM Session Key Agreement, Available at: http://www.drizzle.com/~aboba/EAP/AnalyisOfEAP.pdf
Perlman, R., Kaufman, C.: Secure Password-Based Protocol for Downloading a Private Key. In: Proc. 1999 Network and Distributed System Security Symposium, Internet Security (1999)
Sandhu, R., Bellare, M., Ganesan, R.: Password Enabled PKI: Virtual Smartcards vs. Virtual Soft Tokens. In: Proc. of the 1st Annual PKI Research Workshop, pp. 89–96 (2002)
Shoup, V.: On Formal Models for Secure Key Exchange. IBM Research Report RZ 3121 (1999), Available at: http://eprint.iacr.org/1999/012
Shoup, V.: OAEP Reconsidered. Journal of Cryptology 15(4), 223–249 (2002)
Shin, S., Kobara, K., Imai, H.: Efficient and Leakage-Resilient Authenticated Key Transport Protocol Based on RSA. In: Ioannidis, J., Keromytis, A.D., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 269–284. Springer, Heidelberg (2005)
Shin, S.H., Kobara, K., Imai, H.: Security Proof of Efficient and Leakage-Resilient Authenticated Key Transport Protocol Based on RSA. Cryptology ePrint Archive, Report 2005/190 (2005)
Tardo, J., Alagappan, K.: SPX: Global Authentication Using Public Key Certificates. In: Proc. of 1991 IEEE Computer Society Symposium on Security and Privacy, pp. 232–244 (1991)
Tang, Q., Mitchell, C.J.: Weaknesses in a Leakage-Resilient Authenticated Key Transport Protocol. Cryptology ePrint Archive, Report 2005/173 (2005)
Wang, X.: Intrusion-Tolerant Password-Enabled PKI. In: Proc. of the 2nd Annual PKI Research Workshop, pp. 44–53 (2003)
Welch, V., Foster, I., Kesselman, C., Mulmo, O., Pearlman, L., Tuecke, S., Gawor, J., Meder, S., Siebenlist, F.: X.509 Proxy Certificates for Dynamic Delegation. In: Proc. of the 3rd Annual PKI R&D Workshop (2004)
Wan, Z., Wang, S.: Cryptanalysis of Two Password-Authenticated Key Exchange Protocols. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 164–175. Springer, Heidelberg (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Shin, S., Kobara, K., Imai, H. (2006). An Authentication and Key Exchange Protocol for Secure Credential Services. In: Katsikas, S.K., López, J., Backes, M., Gritzalis, S., Preneel, B. (eds) Information Security. ISC 2006. Lecture Notes in Computer Science, vol 4176. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11836810_32
Download citation
DOI: https://doi.org/10.1007/11836810_32
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-38341-3
Online ISBN: 978-3-540-38343-7
eBook Packages: Computer ScienceComputer Science (R0)