Abstract
Three-party password authenticated key exchange (3PAKE) allows two clients, each sharing a password with a trusted server, to establish a session key with the help of the server. It is a quite practical mechanism for establishing secure channels in large communication networks. However, most current 3PAKE protocols are analyzed in security models that do not adequately address the protocol composition problem. In this paper, a direct definition of security for 3PAKE within the universal composability framework is proposed, which captures the basic security requirements of the problem and is proven to be stronger than the commonly used security notions. To further justify our formulation of 3PAKE, we prove that a slight variant of a generic 3PAKE protocol by Wang and Hu securely realizes the new security definition.
Acknowledgments
This work is supported by the National Natural Science Foundation of China (Grant Nos. 61502527 and 61379150).
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Zhang, Q., Hu, X., Wei, J., Liu, W. (2017). Universally Composable Three-Party Password Authenticated Key Exchange. In: Sun, X., Chao, HC., You, X., Bertino, E. (eds) Cloud Computing and Security. ICCCS 2017. Lecture Notes in Computer Science, vol 10603. Springer, Cham. https://doi.org/10.1007/978-3-319-68542-7_11
DOI: https://doi.org/10.1007/978-3-319-68542-7_11
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-68541-0
Online ISBN: 978-3-319-68542-7
eBook Packages: Computer Science, Computer Science (R0)