Gateway Threshold Password-based Authenticated Key Exchange Secure against Undetectable On-line Dictionary Attack

Yukou Kobayashi, Naoto Yanai, Kazuki Yoneyama, Takashi Nishide, Goichiro Hanaoka, Kwangjo Kim, Eiji Okamoto

Abstract

Password-based Authenticated Key Exchange (PAKE) allows a server to authenticate a user and to establish a session key shared between the server and the user just by having memorable passwords. In PAKE, conventionally the server is assumed to have the authentication functionality and also provide on-line services simultaneously. However, in the real-life applications, this may not be the case, and the authentication server may be separate from on-line service providers. In such a case, there is a problem that a malicious service provider with no authentication functionality may be able to guess the passwords by interacting with other participants repeatedly. Abdalla et al. put forward a notion of the server password protection security to deal with this problem. However, their proposed schemes turned out to be vulnerable to Undetectable On-line Dictionary Attack (UDonDA). To cope with this situation, we propose the Gateway Threshold PAKE provably secure against this password guessing attack by also taking the corruption of authentication servers into consideration.

References

  1. Abdalla, M., Chevassut, O., Fouque, P.A., Pointcheval, D.: A Simple Threshold Authenticated Key Exchange from Short Secrets. ASIACRYPT 2005, LNCS vol.3788, pp.566-584 (2005)
  2. Abdalla, M., Izabachene, M., Pointcheval, D.: Anonymous and Transparent Gateway-Based PasswordAuthenticated Key Exchange. CANS 2008, LNCS vol.5339, pp.133-148 (2008)
  3. Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated Key Exchange Secure against Dictionary Attacks. EUROCRYPT 2000, LNCS vol.1807, pp.139- 155, (2000)
  4. Boyko, V., MacKenzie, P., Patel, S.: Provably Secure Password-Authenticated Key Exchange Using DiffieHellman. EUROCRYPT 2000, LNCS vol.1807, pp.156-171, (2000)
  5. Bresson, E., Chevassut, O., Pointcheval, D.: New Security Results on Encrypted Key Exchange. PKC 2004, LNCS vol.2947, pp.145-158 (2004)
  6. Byun, J.W., Lee, D.H., Lim, J.I.: Security analysis and improvement of a gateway-oriented password-based authenticated key exchange protocol. IEEE Communications Letters vol.10 no.9, pp.683-685 (2006)
  7. Ding, Y., Horster, P.: Undetectable On-line Password Guessing Attacks. Operating Systems Review vol.29 no.4, pp.77-86 (1995)
  8. European Network and Information Security Agency.: Cloud computing risk assessment. (2009)
  9. European Network and Information Security Agency.: Heartbleed Wake Up Call. (2014)
  10. Gennaro, R., Jarecki, S.,Krawczyk, H., Rabin, T.: Secure Distributed Key Generation for Discrete-Log Based Cryptosystems. J. Cryptology vol.20 no.1, pp.51-83 (2007)
  11. Goldreich, O., Lindell, Y.: Session-Key Generation Using Human Passwords Only. CRYPTO 2001, LNCS vol.2139, pp.408-432, (2001)
  12. Katz, J., Ostrovsky, R., Yung, M.: Efficient PasswordAuthenticated Key Exchange Using HumanMemorable Passwords. EUROCRYPT 2001, LNCS vol.2045, pp.475-494, (2001)
  13. Szydlo, M.: A Note on Chosen-Basis Decisional DiffieHellman Assumptions. FC 2006, LNCS vol.4107, pp.166-170 (2006)
  14. Wei, F., Ma, C., Zhang, Z.: Gateway-Oriented PasswordAuthenticated Key Exchange Protocol with Stronger Security. ProvSec 2011, LNCS vol.6980, pp.366-379 (2011)
  15. Wei, F., Zhang, Z., Ma, C.: Analysis and Enhancement of an Optimized Gateway-Oriented Password-Based Authenticated Key Exchange Protocol. IEICE Transactions vol.96-A no.9, pp.1864-1871 (2013)
  16. Wei, F., Zhang, Z., Ma, C.: Gateway-oriented passwordauthenticated key exchange protocol in the standard model. Journal of Systems and Software vol.85 no.3, pp.760-768 (2012)
Download


Paper Citation


in Harvard Style

Kobayashi Y., Yanai N., Yoneyama K., Nishide T., Hanaoka G., Kim K. and Okamoto E. (2015). Gateway Threshold Password-based Authenticated Key Exchange Secure against Undetectable On-line Dictionary Attack . In Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015) ISBN 978-989-758-117-5, pages 39-52. DOI: 10.5220/0005539300390052


in Bibtex Style

@conference{secrypt15,
author={Yukou Kobayashi and Naoto Yanai and Kazuki Yoneyama and Takashi Nishide and Goichiro Hanaoka and Kwangjo Kim and Eiji Okamoto},
title={Gateway Threshold Password-based Authenticated Key Exchange Secure against Undetectable On-line Dictionary Attack},
booktitle={Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015)},
year={2015},
pages={39-52},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005539300390052},
isbn={978-989-758-117-5},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015)
TI - Gateway Threshold Password-based Authenticated Key Exchange Secure against Undetectable On-line Dictionary Attack
SN - 978-989-758-117-5
AU - Kobayashi Y.
AU - Yanai N.
AU - Yoneyama K.
AU - Nishide T.
AU - Hanaoka G.
AU - Kim K.
AU - Okamoto E.
PY - 2015
SP - 39
EP - 52
DO - 10.5220/0005539300390052