Skip to main content
SpringerLink
Log in

Universally Composable Three-Party Password Authenticated Key Exchange

  • Conference paper
  • First Online:
Cloud Computing and Security (ICCCS 2017)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 10603))

Included in the following conference series:

  • 2619 Accesses

Abstract

Three-party password authenticated key exchange (3PAKE) allows two clients, each sharing a password with a trusted server, to establish a session key with the help of the server. It is a quite practical mechanism for establishing secure channels in large communication network. However, most current 3PAKE protocols are analyzed in security models that don’t adequately address protocol composition problem. In this paper, a direct definition of security for 3PAKE within the universal composability framework is proposed, which captures the basic security requirements of the problem and is proven to be stronger than the commonly used security notions. To further justify our formulation of 3PAKE, we prove that a slight variant of a generic 3PAKE protocol by Wang and Hu securely realizes the new security definition.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Yuan, C., Sun, X., Lv, R.: Fingerprint liveness detection based on multi-scale LPQ and PCA. China Commun. 13(7), 60–65 (2016)

    Article  Google Scholar 

  2. Fu, Z., Sun, X., Ji, S., et al.: Towards efficient content-aware search over encrypted outsourced data in cloud. In: Proceedings of the INFOCOM, San Francisco, CA (2016)

    Google Scholar 

  3. Xia, Z., Zhu, Y., Sun, X., et al.: Towards privacy-preserving content-based image retrieval in cloud computing. IEEE Trans. Cloud Comput. (in press)

    Google Scholar 

  4. Xia, Z., Wang, X., Zhang, L., et al.: A privacy-preserving and copy-deterrence content-based image retrieval scheme in cloud computing. IEEE Trans. Inf. Forensics Secur. 11(11), 2594–2608 (2016)

    Article  Google Scholar 

  5. Xia, Z., Xiong, N., Vasilakos, A., et al.: EPCBIR: an efficient and privacy-preserving content-based image retrieval scheme in cloud computing. Inf. Sci. 387, 195–204 (2017)

    Article  Google Scholar 

  6. Xia, Z., Lv, R., Zhu, Y., et al.: Fingerprint liveness detection using gradient-based texture features. SIViP 11(2), 381–388 (2017)

    Article  Google Scholar 

  7. Xiong, L., Xu, Z., Xu, Y.: A secure re-encryption scheme for data services in a cloud computing environment. Concurr. Comput.: Pract. Exp. 27(17), 4573–4585 (2015)

    Article  Google Scholar 

  8. Chen, X., et al.: Reversible watermarking method based on asymmetric-histogram shifting of prediction errors. J. Syst. Softw. 86(10), 2620–2626 (2013)

    Article  Google Scholar 

  9. Fu, Z., Ren, K., et al.: Enabling personalized search over encrypted outsourced data with efficiency improvement. IEEE TPDS 27(9), 2546–2559 (2016)

    Google Scholar 

  10. Zhang, Z., Yang, K., Hu, X., et al.: Practical anonymous password authentication and TLS with anonymous client authentication. In: Proceedings of the CCS 2016, pp. 1179–1191 (2016)

    Google Scholar 

  11. Bellovin, S.M., Merritt, M.: Encrypted key exchange: password-based protocols secure against dictionary attacks. In: Proceedings of the IEEE S&P 1992, pp. 72–84 (1992)

    Google Scholar 

  12. Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000). doi:10.1007/3-540-45539-6_11

    Chapter  Google Scholar 

  13. Katz, J., Ostrovsky, R., Yung, M.: Efficient password-authenticated key exchange using human-memorable passwords. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 475–494. Springer, Heidelberg (2001). doi:10.1007/3-540-44987-6_29

    Chapter  Google Scholar 

  14. Jiang, S., Gong, G.: Password based key exchange with mutual authentication. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 267–279. Springer, Heidelberg (2004). doi:10.1007/978-3-540-30564-4_19

    Chapter  Google Scholar 

  15. Benhamouda, F., Blazy, O., Chevalier, C., Pointcheval, D., Vergnaud, D.: New techniques for SPHFs and efficient one-round PAKE protocols. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 449–475. Springer, Heidelberg (2013). doi:10.1007/978-3-642-40041-4_25

    Chapter  Google Scholar 

  16. Hu, X., Zhang, J., et al.: Universally composable anonymous password authenticated key exchange. Sci. China Inf. Sci. 60(5), 52107 (2017)

    Article  Google Scholar 

  17. Abdalla, M., Fouque, P.-A., Pointcheval, D.: Password-based authenticated key exchange in the three-party setting. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 65–84. Springer, Heidelberg (2005). doi:10.1007/978-3-540-30580-4_6

    Chapter  Google Scholar 

  18. Bellare, M., Rogaway, P.: Provably secure session key distribution: the three party case. In: Proceedings of the STOC 1995, pp. 57–66 (1995)

    Google Scholar 

  19. Chang, T., Hwang, M., Yang, W.: A communication-efficient three-party password authenticated key exchange protocol. Inf. Sci. 181, 217–226 (2011)

    Article  MathSciNet  Google Scholar 

  20. Xiong, H., Chen, Y., Guan, Z., et al.: Finding and fixing vulnerabilities in several three-party password authenticated key exchange protocols without server public keys. Inf. Sci. 235, 329–340 (2013)

    Article  MATH  MathSciNet  Google Scholar 

  21. He, D., Chen, Y., Chen, J.: An ID-based three-party authenticated key exchange protocol using elliptic curve cryptography for mobile-commerce environments. Arab. J. Sci. Eng. 38(8), 2055–2061 (2013)

    Article  MATH  MathSciNet  Google Scholar 

  22. Canetti, R., Halevi, S., Katz, J., Lindell, Y., MacKenzie, P.: Universally composable password-based key exchange. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 404–421. Springer, Heidelberg (2005). doi:10.1007/11426639_24

    Chapter  Google Scholar 

  23. Wang, D., Wang, P.: On the implications of Zipf’s law in passwords. In: Askoxylakis, I., Ioannidis, S., Katsikas, S., Meadows, C. (eds.) ESORICS 2016. LNCS, vol. 9878, pp. 111–131. Springer, Cham (2016). doi:10.1007/978-3-319-45744-4_6

    Chapter  Google Scholar 

  24. Wang, D., Zhang, Z., Wang, P., et al.: Targeted online password guessing: an underestimated threat. In: Proceedings of the ACM CCS 2016, pp. 1242–1254 (2016)

    Google Scholar 

  25. Deng, M., Ma, J., Le, F.: Universally composable three party password-based key exchange protocol. China Commun. 6(3), 150–155 (2009)

    Google Scholar 

  26. Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: Proceedings of the FOCS 2001, pp. 136–145 (2001)

    Google Scholar 

  27. Yuan, W., Hu, L., Li, H., et al.: Offline dictionary attack on a universally composable three-party password-based key exchange protocol. Procedia Eng. 15, 1691–1694 (2011)

    Article  Google Scholar 

  28. Hu, X., Zhang, Z., Zhang, Q.: Universally composable three-party password-authenticated key exchange with contributiveness. Int. J. Commun Syst 28(6), 1100–1111 (2015)

    Article  Google Scholar 

  29. Abdalla, M., Catalano, D., Chevalier, C., Pointcheval, D.: Efficient two-party password-based key exchange protocols in the UC framework. In: Malkin, T. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 335–351. Springer, Heidelberg (2008). doi:10.1007/978-3-540-79263-5_22

    Chapter  Google Scholar 

  30. Groce, A., Katz, J.: A new framework for efficient password-based authenticated key exchange. In: Proceedings of the ACM CCS 2010, pp. 516–525 (2010)

    Google Scholar 

  31. Gennaro, R., Lindell, Y.: A framework for password-based authenticated key exchange. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 524–543. Springer, Heidelberg (2003). doi:10.1007/3-540-39200-9_33

    Chapter  Google Scholar 

  32. Abdalla, M., Chevalier, C., Pointcheval, D.: Smooth projective hashing for conditionally extractable commitments. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 671–689. Springer, Heidelberg (2009). doi:10.1007/978-3-642-03356-8_39

    Chapter  Google Scholar 

  33. Abdalla, M., Benhamouda, F., Blazy, O., Chevalier, C., Pointcheval, D.: SPHF-friendly non-interactive commitments. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8269, pp. 214–234. Springer, Heidelberg (2013). doi:10.1007/978-3-642-42033-7_12

    Chapter  Google Scholar 

  34. Wang, W., Hu, L.: Efficient and provably secure generic construction of three-party password-based authenticated key exchange protocols. In: Barua, R., Lange, T. (eds.) INDOCRYPT 2006. LNCS, vol. 4329, pp. 118–132. Springer, Heidelberg (2006). doi:10.1007/11941378_10

    Chapter  Google Scholar 

  35. Canetti, R., Rabin, T.: Universal composition with joint state. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 265–281. Springer, Heidelberg (2003). doi:10.1007/978-3-540-45146-4_16

    Chapter  Google Scholar 

Download references

Acknowledgments

This work is supported by the National Natural Science Foundation of China (Grant Nos. 61502527 and 61379150).

Author information

Authors and Affiliations

  1. State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou, 450002, China

    Qihui Zhang, Xuexian Hu, Jianghong Wei & Wenfen Liu

Authors
  1. Qihui Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Xuexian Hu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jianghong Wei
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Wenfen Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Xuexian Hu .

Editor information

Editors and Affiliations

  1. Nanjing University of Information Science and Technology, Nanjing, China

    Xingming Sun

  2. National Dong Hwa University, Shoufeng, Taiwan

    Han-Chieh Chao

  3. China Information Technology Security Evaluation Center, Nanjing, China

    Xingang You

  4. Department of Computer Science, Purdue University, West Lafayette, Indiana, USA

    Elisa Bertino

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Zhang, Q., Hu, X., Wei, J., Liu, W. (2017). Universally Composable Three-Party Password Authenticated Key Exchange. In: Sun, X., Chao, HC., You, X., Bertino, E. (eds) Cloud Computing and Security. ICCCS 2017. Lecture Notes in Computer Science(), vol 10603. Springer, Cham. https://doi.org/10.1007/978-3-319-68542-7_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-68542-7_11

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-68541-0

  • Online ISBN: 978-3-319-68542-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation