Journal of the Korea Institute of Information Security & Cryptology (정보보호학회논문지)

Korea Institute of Information Security and Cryptology (한국정보보호학회)
권호 표지
DOI QR코드

DOI QR Code

Password-Authenticated Key Exchange between Clients with Different Passwords

서로 다른 패스워드를 가진 사용자간의 패스워드 인증 키 교환 프로토콜

  • 변지욱 (고려대학교 정보보호기술연구센터(CIST)) ;
  • 정익래 (고려대학교 정보보호기술연구센터(CIST)) ;
  • 이동훈 (고려대학교 정보보호기술연구센터(CIST))
  • Published : 2003.02.01
Download PDF
⟨ Previous Next ⟩

Abstract

Most password-authenticated key exchange schemes in the literature provide an authenticated key exchange between a client and a server based on a pre-shared password. With a rapid change in modem communication environments, it is necessary to construct a secure end-to-end channel between clients, which is a quite different paradigm from the existing ones. In this paper we propose a new framework which provides a password-authenticated ky exchange between clients based only on their two different Passwords without my Pre-shared secret, so called Client-to-Client Password-Authenticated Key Exchange(C2C-PAKE). Security notions and types of possible attacks are newly defined according to the new framework We prove our scheme is secure against all types of attacks considered in the paper. Two secure C2C-PAKE schemes are suggested, one in a cross-realm setting and the other in a single-sorrel setting.

논문에서 언급되어지는 대부분의 패스워드 인증 키 교환 프로토콜은 사전 분배된 패스워드를 기반으로 해서 서버와 사용자간의 인증된 키 교환을 제공한다. 현대 통신 환경의 빠른 변화에 의해, 기존의 서버와 사용자간의 패스워드인증 키 교환 프레임워크(framework)와는 틀린, 사용자와 사용자간의 안전한 종단간 인증(end-to-end authentication) 구축이 요구되어진다. 본 논문에서는 어떤 사전 비밀 값 분배 없이, 오직 사용자들간의 서로 다른 패스워드를 기반으로한 사용자간의 패스워드 인증 키 교환 프레임워크인, C2C-PAKE(client-to-client password-authenticated ky exchange)를 제안한다. 새로운 프레임워크에 적합한 안전성 개념들과 공격형태들이 정의된다. 또한 제안된 스킴이 정의되어진 총격들에 대해 안전함을 보인다. 본 논문은 두 개의 안전한 C2C-PAKE 스킴을 다중 영역(cross-realm) 환경과 단일서버(single-server) 환경에서 각각 제안한다.

Keywords

References

  1. Proceedings of the Symposium on Security and Privacy Encrypted key exchange:password based protocols secure against dictionary attacks S. Bellovin;M. Merrit
  2. The security Protocol Workshop '97 Open key exchange: How to defeat dictionary attacks without encryting public keys S. Lucks
  3. Proceedings of the Internet Society Network and Distributed System Security Symposium Secure Remote Password Protocol T. Wu
  4. Eurocrypt'00, LNCS v.1807 Authenticated key exchange secure against dictionary attacks M. Bellare;D. Pointcheval;P. Rogaway
  5. Eurocrypt'00, LNCS v.1807 Provably Secure Password-Authentica ted Key Exchange Using Diffie-Hellman V. Boyko;P. MacKenzie;S. Patel
  6. Eurocrypt'01, LNCS v.2045 Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords J. Katz;R. Ostrovsky;M. Yung
  7. Crypto'01, LNCS v.2139 Session-Key Generation Using Human Passwords Only O. Goldreich;Y. Lindell
  8. Proceedings of Twelfth Annual Computer Security Applications Conference On the Design of Security protocols for Mobile Communications V. Varadharajan;Y. Mu
  9. ACISP'98, LNCS v.1438 Key establishment protocols for secure mobile communications : A selective survey C. Boyd;A. Mathuria
  10. ISC'01, LNCS v.2200 Efficient kerberized multicast in a practical distributed setting G. D. Crescenzo;O. Kornievskaia
  11. ACM Operation Sys. Review v.29 no.3 Refinement and extension of encrypted key exchange M. Steiner;G. Tsudik;M. Waider
  12. Proceedings of the Internet Society Network and Distributed System Security Symposium A Real-World Analysis of Kerberos Password Security T. Wu
  13. Proceedings of the sixth annual USENIX security conference Dual-workfactor encrypted key exchange: Efficiency preventing password chaining attacks B. Jaspan
  14. Communications of the ACM v.24 no.8 Timestamps in key distribution protocols D. Denning;G. Sacco
  15. Project Athena Technical Plan Kerberos Authentication and Authorization System S. P. Miller;B. C. Neuman;J. I. Schiller;J. H.Saltzer
  16. Internet draft Pulbic key cryptography for cross-realm authentication in kerberos M. Hur;B. Tung;T. Ryutov;C. Neuman;A. Medvinsky;G. Tsudik;B. Sommerfeld