A Secure Threshold Anonymous Password-Authenticated Key Exchange Protocol

Shin, SeongHan; Kobara, Kazukuni; Imai, Hideki

doi:10.1007/978-3-540-75651-4_30

Cited by 18 publications

(14 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Though some protocols turned out to be insecure, their main idea [2] deserves to be reconsidered that by correctly combining symmetric and asymmetric cryptographic techniques we can prevent an adversary from verifying a guessed password (i.e., doing off-line dictionary attacks). Since then, their Encrypted Key Exchange protocols have formed the ba- APAKE t-out-of-n APAKE (insecure against active attacks) [22] TAP (t = 1) TAP (t > 1) (secure against active attacks) (insecure against insider attacks) [26] NAPAKE D-NAPAKE (claimed to be secure against insider attacks) [23] VEAP − (the most efficient) sis for what we call Password-Authenticated Key Exchange (PAKE) protocols. Such protocols [10] have been in standardization of IEEE P1363.2.…”

Section: Anonymous Password-authenticated Key Exchange and Its Threshmentioning

confidence: 99%

“…The client anonymity is guaranteed against an outside adversary as well as a passive server, who follows the protocol honestly but it is curious about identity of the client involved with the protocol. In [22], Shin et al, pointed out that the t-out-of-n APAKE protocol [25] is insecure against an outside adversary (i.e., doing off-line dictionary attacks). Also, they proposed an anonymous PAKE (TAP (t = 1)) protocol and its threshold (TAP (t > 1)) which are only based on the PAKE protocol [1], and showed that their protocols are secure against an outside adversary.…”

Section: Copyright C 2011 the Institute Of Electronics Information Amentioning

confidence: 99%

“…As in [22], [23], [25], we consider a semi-honest server S , who honestly follows the protocol P, but it is curious about the involved clients' identities. The client anonymity is defined by the probability distribution of messages in P.…”

Section: Security Definitionsmentioning

confidence: 99%

See 2 more Smart Citations

Threshold Anonymous Password-Authenticated Key Exchange Secure against Insider Attacks

Shin

Kobara

Imai

2011

IEICE Trans. Inf. & Syst.

Self Cite

View full text Add to dashboard Cite

SUMMARYAn anonymous password-authenticated key exchange (PAKE) protocol is designed to provide both password-only authentication and client anonymity against a semi-honest server, who honestly follows the protocol. In INDOCRYPT2008, Yang and Zhang [26] proposed a new anonymous PAKE (NAPAKE) protocol and its threshold (D-NAPAKE) which they claimed to be secure against insider attacks. In this paper, we first show that the D-NAPAKE protocol [26] is completely insecure against insider attacks unlike their claim. Specifically, only one legitimate client can freely impersonate any subgroup of clients (the threshold t > 1) to the server. After giving a security model that captures insider attacks, we propose a threshold anonymous PAKE (called, TAP + ) protocol which provides security against insider attacks. Moreover, we prove that the TAP + protocol has semantic security of session keys against active attacks as well as insider attacks under the computational Diffie-Hellman problem, and provides client anonymity against a semi-honest server, who honestly follows the protocol. Finally, several discussions are followed: 1) We also show another threshold anonymous PAKE protocol by applying our Rationale to the non-threshold anonymous PAKE (VEAP) protocol [23]; and 2) We give the efficiency comparison, security consideration and implementation issue of the TAP + protocol. key words: password-authenticated key exchange, passwords, on-line/offline dictionary attacks, anonymity, insider attacks, provable security

show abstract

Section: Anonymous Password-authenticated Key Exchange and Its Threshmentioning

confidence: 99%

Section: Copyright C 2011 the Institute Of Electronics Information Amentioning

confidence: 99%

See 1 more Smart Citation

Threshold Anonymous Password-Authenticated Key Exchange Secure against Insider Attacks

Shin

Kobara

Imai

2011

IEICE Trans. Inf. & Syst.

Self Cite

View full text Add to dashboard Cite

show abstract

“…But [11] does not support the anonymous retrieval of credentials by the user in one protocol run. Here we extend the APAKE of [11] so that it can be used with ring signatures or group signatures. In our scenario, it is preferable to use ring signatures as contrarily to group signatures, ring signatures do not require a group manager (in charge of adding group members and revoking a member's anonymity) and additional setup for forming a group.…”

Section: Introductionmentioning

confidence: 96%

“…Recently, an efficient anonymous PAKE protocol has been proposed in [11] for performing anonymous authenticated key establishment. But [11] does not support the anonymous retrieval of credentials by the user in one protocol run. Here we extend the APAKE of [11] so that it can be used with ring signatures or group signatures.…”

Section: Introductionmentioning

confidence: 99%

Purpose-restricted Anonymous Mobile Communications Using Anonymous Signatures in Online Credential Systems

Fathi

Shin

Kobara

et al. 2009

Wireless Pers Commun

Self Cite

View full text Add to dashboard Cite

To avoid the risk of long-term storage of secrets on a portable device, an online credential system supports the roaming user in retrieving securely at various locations his private key and other material to generate anonymous signatures. The protocol proposed here allows a roaming mobile user to access anonymously services such as whistle blowing and net-counselling. Our approach: (1) allows a mobile user, remembering a short password, to anonymously and securely retrieve the credentials necessary for his anonymous communication without assuming a pre-established anonymous channel to the credential server or establishing an anonymous channel using the time-consuming existing rerouting techniques;(2) provides authenticated anonymous access to privacy-related services without rerouting the packets; (3) helps combatting the abuse of anonymity for performing illegal activities (e.g. redistribution of copy-righted contents, illegal drug trading and so on).

show abstract

Anonymous password‐based key exchange with low resources consumption and better user‐friendliness

Qian

Gong

Zhou

2012

Security Comm Networks

View full text Add to dashboard Cite

Anonymous password authenticated key exchange (APAKE) protocols allow the server to authenticate its clients without revealing their identities. In this paper, we first construct a basic protocol SAPAKE by using the homomorphic encryption scheme and an auxiliary memory device. Compared with the previous ones, SAPAKE is more suitable for those privacysensitive applications (e.g., cloud computing) where reducing server payload and improving user experience are both essential. Furthermore, we refine SAPAKE by removing the use of the memory device to gain an enhanced extension SAPAKE+ without increasing the resources consumption. SAPAKE+ achieves better user-friendliness than SAPAKE while it requires publishing more public parameters. Both of our protocols are practical due to their low (computation and communication) resources consumption and better user-friendliness, and achieve provable security in the random oracle model.

show abstract

A Secure Threshold Anonymous Password-Authenticated Key Exchange Protocol

Cited by 18 publications

References 18 publications

Threshold Anonymous Password-Authenticated Key Exchange Secure against Insider Attacks

Threshold Anonymous Password-Authenticated Key Exchange Secure against Insider Attacks

Purpose-restricted Anonymous Mobile Communications Using Anonymous Signatures in Online Credential Systems

Anonymous password‐based key exchange with low resources consumption and better user‐friendliness

Contact Info

Product

Resources

About