DOI: 10.1145/2732209.2732212

The Fairy-Ring Dance: Password Authenticated Key Exchange in a Group

Published: 14 April 2015

Abstract

In this paper, we study Password Authenticated Key Exchange (PAKE) in a group. First, we present a generic "fairy-ring dance" construction that transforms any secure two-party PAKE scheme to a group PAKE protocol while preserving the round efficiency in the optimal way. Based on this generic construction, we present two concrete instantiations based on using SPEKE and J-PAKE as the underlying PAKE primitives respectively. The first protocol, called SPEKE+, accomplishes authenticated key exchange in a group with explicit key confirmation in just two rounds. This is more round-efficient than any existing group PAKE protocols in the literature. The second protocol, called J-PAKE+, requires one more round than SPEKE+, but is computationally faster. Finally, we present full implementations of SPEKE+ and J-PAKE+ with detailed performance measurements. Our experiments suggest that both protocols are feasible for practical applications in which the group size may vary from three to several dozen. This makes them useful, as we believe, for a wide range of applications - e.g., to bootstrap secure communication among a group of smart devices in the Internet of Things (IoT).

Cited By

  • (2024) PATS, IET Information Security, vol. 2024. DOI: 10.1049/2024/7557514. Online publication date: 1-Jan-2024
  • (2020) Tap-Pair, Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy, pp. 61-72. DOI: 10.1145/3374664.3375740. Online publication date: 16-Mar-2020
  • (2019) Key Management for Beyond 5G Mobile Small Cells: A Survey, IEEE Access, vol. 7, pp. 59200-59236. DOI: 10.1109/ACCESS.2019.2914359. Online publication date: 2019

Published In

IoTPTS '15: Proceedings of the 1st ACM Workshop on IoT Privacy, Trust, and Security
April 2015
50 pages
ISBN:9781450334495
DOI:10.1145/2732209

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. group key exchange
  2. j-pake
  3. pake
  4. speke

Qualifiers

  • Research-article

Funding Sources

  • European Research Council Starting Grant

Conference

ASIA CCS '15
ASIA CCS '15: 10th ACM Symposium on Information, Computer and Communications Security
April 14 - March 14, 2015
Singapore, Republic of Singapore

Acceptance Rates

IoTPTS '15 Paper Acceptance Rate 5 of 13 submissions, 38%;
Overall Acceptance Rate 16 of 39 submissions, 41%
