An efficient and practical threshold gateway-oriented password-authenticated key exchange protocol in the standard model

(Chinese title) An efficient and practical threshold gateway password-authenticated key exchange protocol in the standard model

Research Paper, published in Science China Information Sciences

Abstract

With the assistance of an authentication server, a gateway-oriented password-authenticated key exchange (GPAKE) protocol can establish a common session key shared between a client and a gateway. Unfortunately, a GPAKE protocol becomes totally insecure if an adversary can compromise the authentication server and steal the passwords of the clients. In order to provide resilience against adversaries who can hack into the authentication server, we propose a threshold GPAKE protocol and then present its security proof in the standard model based on the hardness of the decisional Diffie-Hellman (DDH) problem. In our proposal, the password is shared among n authentication servers and is secure unless the adversary corrupts more than t+1 servers. Our protocol requires n > 3t servers to work. Compared with existing threshold PAKE protocols, our protocol maintains both stronger security and greater efficiency.
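The abstract's threshold idea, as an added illustration that is not the paper's protocol: a password-derived secret is Shamir-shared over a prime field among n servers so that any t+1 shares reconstruct it while t shares leave it undetermined, with the abstract's n > 3t parameter constraint enforced. The field prime, the hash-to-field mapping and the sample password are assumptions made for this example.

```python
# Added illustration (not the paper's protocol): Shamir threshold sharing of a
# password-derived secret among n authentication servers, with the n > 3t check.
import hashlib
import secrets

P = 2**127 - 1  # Mersenne prime used as the field size (assumption for illustration)


def check_params(n: int, t: int) -> bool:
    """The abstract states the protocol needs n > 3t servers."""
    return n > 3 * t


def password_secret(password: str) -> int:
    """Map the password to a field element (hash-then-reduce; constructed choice)."""
    return int.from_bytes(hashlib.sha256(password.encode()).digest(), "big") % P


def share(secret: int, n: int, t: int):
    """Split secret into n shares: any t+1 reconstruct it, t reveal nothing."""
    if not check_params(n, t):
        raise ValueError("need n > 3t servers")
    # Random degree-t polynomial with the secret as constant term.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t)]

    def f(x: int) -> int:
        return sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P

    return [(i, f(i)) for i in range(1, n + 1)]  # server i holds (i, f(i))


def reconstruct(shares) -> int:
    """Lagrange interpolation at x = 0 over GF(P) from any subset of shares."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret


if __name__ == "__main__":
    s = password_secret("hunter2")          # constructed sample password
    sh = share(s, n=7, t=2)                 # 7 > 3*2, so the parameters are allowed
    print(reconstruct(sh[:3]) == s)         # t+1 = 3 shares recover the secret
    print(reconstruct(sh[:2]) == s)         # only t shares interpolate to garbage
```

With only t shares the interpolant is a different polynomial, so the value at 0 matches the real secret with probability about 1/P, which is why corrupting t servers yields nothing usable for a password guess.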

Highlights

A gateway-oriented password-authenticated key exchange protocol (gateway password protocol for short) can establish a shared session key between a user and a gateway with the assistance of an authentication server. However, if an attacker corrupts the authentication server and steals the password information of all users, the security of the gateway password protocol can no longer be guaranteed. To address the serious security threat that server intrusion attacks pose to gateway password protocols, we design a threshold gateway password protocol and prove its security in the standard model under the DDH assumption. In our protocol, the password is shared among n servers by secret sharing, and an attacker can obtain a user's password only by corrupting t+1 servers. Compared with existing protocols of the same kind, our protocol not only has stronger security but also higher efficiency.



Author information

Corresponding author: Fushan Wei.


Cite this article

Wei, F., Ma, J., Zhang, R. et al. An efficient and practical threshold gateway-oriented password-authenticated key exchange protocol in the standard model. Sci. China Inf. Sci. 60, 72103 (2017). https://doi.org/10.1007/s11432-016-5535-7

DOI: https://doi.org/10.1007/s11432-016-5535-7