Abstract
Most password-authenticated key exchange schemes in the literature provide an authenticated key exchange between a client and a server based on a pre-shared password. With a rapid change in modern communication environments, it is necessary to construct a secure end-to-end channel between clients, which is a quite different paradigm from the existing ones. In this paper we propose a new framework which provides a password-authenticated key exchange between clients based only on their two different passwords without any pre-shared secret, so called Client-to-Client Pas sword-Authenticated Key Exchange (C2C-PAKE). Security notions and types of possible attacks are newly defined according to the new framework. We prove our scheme is secure against all types of attacks considered in the paper. Two secure C2C-PAKE schemes are suggested, one in a cross-realm setting and the other in a single-server setting.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
M. Bellare, D. Pointcheval and P. Rogaway, “Authenticated key exchange secure against dictionary attacks”, Eurocrypt’00, LNCS Vol. 1807, pp. 139–155, Springer-Verlag, 2000.
S. Bellovin and M. Merrit, “Encrypted key exchange: password based protocols secure against dictionary attacks”, In Proceedings of the Symposium on Security and Privacy, pp. 72–84, IEEE, 1992.
C. Boyd, A. Mathuria, “Key establishment protocols for secure mobile communications: A selective survey”, ACISP’98, LNCS Vol. 1438, pp. 344–355, Springer-Verlag, 1998.
V. Boyko, P. MacKenzie, and S. Patel, “Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman”, Eurocrypt’00, LNCS Vol. 1807, pp. 156–171, Springer-Verlag, 2000
G. D. Crescenzo, O. Kornievskaia, “Efficient kerberized multicast in a practical distributed setting”, ISC’01, LNCS Vol. 2200, pp. 27–45, Springer-Verlag, 2001.
D. Denning, G. Sacco, “Timestamps in key distribution protocols”, Communications of the ACM, Vol. 24, No. 8, pp. 533–536, 1981.
D. Jablon, “Strong password-only authenticated key exchange”, Computer Communication Review, Vol. 26, No. 5, pp. 5–26, 1996.
O. Goldreich and Y. Lindell, “Session-Key Generation Using Human Passwords Only”, Crypto’01, LNCS Vol. 2139, pp. 408–432, Springer-Verlag, 2001.
B. Jaspan, “Dual-workfactor encrypted key exchange: Efficiency preventing password chaining attacks”, In Proceedings of the sixth annual USENIX security conference, pp. 43–50, July 1996.
M. Hur, B. Tung, T. Ryutov, C. Neuman, A. Medvinsky, G. Tsudik, and B. Sommerfeld, “Pulbic key cryptography for cross-realm authentication in kerberos”, Internet draft, May 2001.
J. Katz, R. Ostrovsky and M. Yung, “Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords”, Eurocrypt’01, LNCS Vol. 2045, pp. 475–494, Springer-Verlag, 2001.
S. Lucks, “Open key exchange: How to defeat dictionary attacks without encryting public keys”, The security Protocol Workshop’ 97, pp. 79–90, 1997.
M. Steiner, G. Tsudik, and M. Waider, “Refinement and extension of encrypted key exchange”, A CM Operation Sys. Review, Vol. 29, No. 3, pp. 22–30, 1995.
S. P. Miller, B. C. Neuman, J. I. Schiller, J. H. Saltzer, “Kerberos Authentication and Authorization System”, Section E.2.1, Project Athena Technical Plan, M.I.T. October 1988.
T. Wu, “Secure Remote Password Protocol”, In Proceedings of the Internet Society Network and Distributed System Security Symposium, pp. 97–111, 1998.
T. Wu, “A Real-World Analysis of Kerberos Password Security”, In Proceedings of the Internet Society Network and Distributed System Security Symposium, 1999.
V. Varadharajan and Y. Mu, “On the Design of Security Protocols for Mobile Communications”, In Proceedings of Twelfth Annual Computer Security Applications Conference, pp. 78–87. IEEE Computer Society Press, 1996.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2002 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Byun, J.W., Jeong, I.R., Lee, D.H., Park, CS. (2002). Password-Authenticated Key Exchange between Clients with Different Passwords. In: Deng, R., Bao, F., Zhou, J., Qing, S. (eds) Information and Communications Security. ICICS 2002. Lecture Notes in Computer Science, vol 2513. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36159-6_12
Download citation
DOI: https://doi.org/10.1007/3-540-36159-6_12
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00164-5
Online ISBN: 978-3-540-36159-6
eBook Packages: Springer Book Archive