DOI: 10.5555/2027916.2027958
Article

Server-aided password-authenticated key exchange: from 3-party to group

Published: 09 July 2011

Abstract

Protocols for group key exchange are cryptographic algorithms that describe how a group of parties communicating over a public network can come up with a common secret key. Due to their critical role in building secure multicast channels, a number of group key exchange protocols have been proposed over the years for a variety of settings. In this work, we present a new protocol for password-authenticated group key exchange in the model where the clients wishing to establish a common secret do not share any password between them but hold their individual password shared with a trusted server. This model is practical in that no matter how many different session keys for different groups a client wants to generate, he/she does not need to hold multiple passwords but only needs to remember a single password shared with the server. Our construction is generic. We assume a 3-party password-authenticated key exchange protocol and use it as a key component in building our password-authenticated GKE protocol. Our generic protocol requires no further long-term secrets than those used in the underlying 3-party protocol. This implies that if the given 3-party protocol is password-only authenticated, then our group key exchange protocol is password-only authenticated as well.

Published In

HI'11: Proceedings of the 2011 international conference on Human interface and the management of information - Volume Part I
July 2011
673 pages
ISBN: 9783642217920
Editors: Michael J. Smith, Gavriel Salvendy

Publisher

Springer-Verlag

Berlin, Heidelberg

Author Tags

  1. 3-party key exchange
  2. group key exchange
  3. multicast
  4. password

Qualifiers

  • Article
