In this paper, a general framework for designing and analyzing password-based security protocols is presented. First, we introduce the concept of "weak computational indistinguishability" based on current progress in password-based security protocols. Then, we focus on the cryptographic foundations for password-based security protocols, i.e., the theory of "weak pseudorandomness". Furthermore, based on the theory of weak pseudorandomness, we present a modular approach to the design and analysis of password-based security protocols. Finally, applying the modular approach, we design two kinds of password-based security protocols, i.e., a password-based session key distribution (PSKD) protocol and a protected password change (PPC) protocol. In addition to having forward secrecy and improved efficiency, the new protocols are proved secure.
Keywords: security protocols, weak computational indistinguishability, provable security, random oracle model (ROM), standard model
In recent years, much attention has been devoted to research on password-based security protocols. In particular, major effort has been directed towards password-based session key distribution protocols and password-based authentication mechanisms. Compared with a long-term key, a password is often preferred because it is short enough for a human to memorize without an additional assisting device (e.g., a smart card). However, the use of passwords has intrinsic weaknesses. A major challenge in designing a password-based protocol is to protect the password information against the notorious password dictionary attacks.
The first protocol suggested for password-based session key distribution was by Bellovin and Merritt [1]. This work was very influential and became the basis for much future work in this area. However, the protocol has not been proven secure and its conjectured security is based on heuristic arguments.
The first rigorous treatment of the password-based authentication problem was provided by Halevi and Krawczyk [2]. They actually considered an asymmetric hybrid model in which one party (the server) may hold a high-entropy key and the other party (the human) may only