Abstract
A password-based protocol for authenticated key exchange must provide security against attacks using low entropy of a memorable password. We propose a new password-based protocol for authenticated key exchange, EPA (Efficient Password-based protocol for Authenticated key exchange), which has smaller computational and communicational workloads than previously proposed protocols with the same security requirements. EPA is an asymmetric model in which each client has a password and the server has a password file. While the server’s password file is compromised, the client’s password is not directly exposed. However, if the adversary mounts an additional dictionary attack, he can obtain the client’s password. By using a modified amplified password file, we construct EPA+, which is secure against dictionary attack and server impersonation even if the server’s password file is compromised.
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
This research was supported by University IT Research Center Project, the Brain Korea 21 Project, and Com2MaC-KOSEF.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
M. Bellare and P. Rogaway, Entity authentication and key distribution, Crypto’93, pages 232–249, 1993.
M. Bellare D. Pointcheval, and P. Rogaway, Authenticated Key Exchange Secure Against Dictionary Attacks, Eurocrypt 2000, pages 139–155, 2000.
S. Bellovin and M. Merritt, Encrypted Key Exchange: Password-based protocols secure against dictionary attacks, Proceedings of IEEE Security and Privacy, pages 72–84, 1992.
V. Boyko, P. MacKenzie, and S. Patel, Provably secure password authenticated key exchange using Diffie-Helman, Eurocrypt 2000, pages 156–171, 2000.
D. Denning and G. Sacco, Timestamps in key distribution protocols, Communications of the ACM, vol 24, no 8, pages 533–536, 1981.
V. S. Dimitrov, G. A. Jullien, and W. C. Miller, Complexity and fast algorithms for multi-exponentiations, IEEE Transactions on Computers, vol 49, no 2, pages 141–147, 2000.
D. Jablon, Extended password key exchange protocols immune to dictionary attack, In WETICE’97 Workshop on Enterprise Security, 1997.
K. Kobara and H. Imai, Pretty-Simple Password-Authenticated Key-Exchange Under Standard Assumptions, Cryptology ePrint Archive, Report 2003/038, 2003.
T. Kwon, Authentication and key agreement via memorable password, Proceedings of the ISOC NDSS Symposium, 2001.
P. MacKenzie, More efficient password-authenticated key exchange, Progress in Cryptology — CT-RSA 2001, pages 361–377, 2001.
P. MacKenzie, The PAK suit: Protocols for Password-Authenticated Key Exchange, http://grouper.ieee.org/groups/1363/passwdPK/contributions.html#Mac02, April, 2002.
B. Moeller, Algorithm for multi-exponentiation, In Selected Areas in Cryptography, SAC 2001, pages 165–180, 2001.
P. van Oorschot and M. Wiener, On Diffie-Hellman key agreement with short exponents, Eurocrypt’96, pages 332–343, 1994.
D. G. Park, C. Boyd, and S. J. Moon, Forward Secrecy and Its Application to Futher Mobile Communications Security, Public Key Cryptography, PKC 2000, pages 433–445, 2000.
S. Pohlig and M. Hellman, An improved algorithm for computing logarithms over GF(p) and its cryptographic significance, IEEE Transactions on Information Theory, vol 24, no 1, pages 106–110, 1978.
J. Pollard, Monte Carlo methods for index computation mod p, Math. of computation, pages 918–924, 1978.
V. Shoup, On formal models for secure key exchange, IBM Research Report RZ 3120, April, 1999.
T. Wu, Secure remote password protocol, Proceedings of the ISOC NDSS Symposium, pages 99–111, 1998.
S. M. Yen, C. S. Laih, and A. K. Lenstra, Multi-exponentiation (cryptographic protocols), Computers and Digital Techniques, IEEE Proceedings, vol 141, no 6, pages 325–326, 1994.
IEEE P1363.2: Standard Specifications for Password-Based Public Key Cryptography Techniques, Draft D7, December 20, 2002. http://grouper.ieee.org/group/1363/.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hwang, Y.H., Yum, D.H., Lee, P.J. (2003). EPA: An Efficient Password-Based Protocol for Authenticated Key Exchange. In: Safavi-Naini, R., Seberry, J. (eds) Information Security and Privacy. ACISP 2003. Lecture Notes in Computer Science, vol 2727. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45067-X_39
Download citation
DOI: https://doi.org/10.1007/3-540-45067-X_39
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-40515-3
Online ISBN: 978-3-540-45067-2
eBook Packages: Springer Book Archive