Password-based authenticated key exchange in the three-party setting

Abdalla, Michel; Fouque, Pierre-Alain; Pointcheval, David

doi:10.1049/ip-ifs:20055073

Cited by 233 publications

(438 citation statements)

References 22 publications

Supporting

Mentioning

437

Contrasting

Order By: Relevance

“…In particular, we adopt the Real-Or-Random (ROR) security model of Abdalla et al [1] for password-based authenticated key exchange protocol, which in turn implies that of Bellare et al [3]. As in the standard model, all the interactions between an adversary A and the protocol participants in the ROR model are done via oracle queries.…”

Section: Security Modelmentioning

confidence: 99%

“…The Real-Or-Random Model [1]. In the ROR model, in addition to the above-mentioned oracles, an attacker is also given access to a less restrictive Test oracle.…”

Section: Security Modelmentioning

confidence: 99%

“…As in [1], we use the notion of partnering based on session identifications (sid ), which says that two instances are partnered if they hold the same non-null sid. More specifically, a client instance C i and a gateway instance G j are said to be partners if the following conditions are met: (1) Both C i and G j accept; (2) Both C i and G j share the same session identifications; (3) The partner identification for C i is G j and vice-versa; and (4) No instance other than C i and G j accepts with a partner identification equal to C i or G j .…”

Section: Security Modelmentioning

confidence: 99%

“…In Section 2, we present the formalization used to define the execution of the GPAKE and GTPAKE protocols. Our formalization extends that of Abdalla et al to the threshold setting [1]. In Section 3, we present the intractability assumptions used throughout the paper.…”

Section: Introductionmentioning

confidence: 97%

“…To formally define a model for the above scenario, we propose a model in which one can design a protocol among three parties (the client, the gateway and the authentication server) which protects both the session keys and the passwords. We indeed require the three following security notions which capture dishonest behaviors of the client, the authentication server and the gateway respectively: the semantic security of the sessions keys, which we model by a Real-Or-Random (ROR) game [1] (it has been proved strictly stronger than the more classical Find-Then-Guess (FTG) model [3]); the key-privacy notion [1] which entails that the session key exchanged by two parties with the help of an authentication server is unknown to the authentication server (and also to any other party, granted the semantic security); the server password protection which basically means that the gateway cannot learn any information about clients' passwords from the authentication server.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

A Simple Threshold Authenticated Key Exchange from Short Secrets

Abdalla

Chevassut

Fouque

et al. 2005

Lecture Notes in Computer Science

View full text Add to dashboard Cite

This paper brings the password-based authenticated key exchange (PAKE) problem closer to practice. It takes into account the presence of firewalls when clients communicate with authentication servers. An authentication server can indeed be seen as two distinct entities, namely a gateway (which is the direct interlocutor of the client) and a back-end server (which is the only one able to check the identity of the client). The goal in this setting is to achieve both transparency and security for the client. And to achieve these goals, the most appropriate choices seem to be to keep the client's password private -even from the back-end server-and to use threshold-based cryptography. In this paper, we present the Threshold Password-based Authenticated Key Exchange (GTPAKE) system: GTPAKE uses a pair of public/private keys and, unlike traditional threshold-based constructions, shares only the private key among the servers. The system does no require any certification -except during the registration and update of clients' passwords-since clients do not use the publickey to authenticate to the gateway. Clients only need to have their password in hand. In addition to client security, this paper also presents highly-desirable security properties such as server password protection against dishonest gateways and key privacy against curious authentication servers.

show abstract

Section: Security Modelmentioning

confidence: 99%

“…The Real-Or-Random Model [1]. In the ROR model, in addition to the above-mentioned oracles, an attacker is also given access to a less restrictive Test oracle.…”

Section: Security Modelmentioning

confidence: 99%

Section: Security Modelmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 97%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

A Simple Threshold Authenticated Key Exchange from Short Secrets

Abdalla

Chevassut

Fouque

et al. 2005

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

An efficient protocol for two‐party explicit authenticated key agreement

Zheng

Zhou

Chen

2013

Concurrency and Computation

View full text Add to dashboard Cite

Summary Successful and efficient key management plays a critical role toward secured computing and communication systems. Many authenticated key agreement protocols have been proposed to meet the great challenges of information security. The two‐party key agreement protocol can be classified into two categories: implicit and explicit key authentications. This paper investigates the issue on authenticated two‐party key agreement protocol over an insecure public network and extends the existing implicit authenticated key agreement protocol into the explicit one by introducing the authenticators. The advantage of this explicit protocol is that it does not need any fixed public key infrastructure. Furthermore, this explicit protocol is provably secure in the random oracle under the Computation Gap Diffie‐Hellman assumption. Concurrency and Computation: Practice and Experience, 2013.© 2013 Wiley Periodicals, Inc.

show abstract

A new secure authentication scheme for cloud computing environment

Namasudra

Roy

2016

Concurrency and Computation

View full text Add to dashboard Cite

SUMMARYCloud computing is an emerging computing area that allows on-demand, scalable, flexible, and low-cost services to the users. In cloud computing, access control and security are two major problems. In this paper, a novel authentication scheme using Chebyshev chaotic maps has been presented. The proposed model satisfies many security factors, such as scalability of login, mutual authentication, freedom of password change, two-factor security, and forward security. Two-factor security is a method that requires two credentials for authentication, where the first factor may be something that users know and the second factor may be something that users have. Forward security assures the confidentiality of the user's session key, even if the private key of the server is compromised. In addition, the proposed scheme provides users with untraceability and anonymity, which means that any kind of adversary neither gets the identities of users or servers nor link several sessions with a user or server. The proposed model is secured under the computational Diffie-Hellman assumption of Chebyshev polynomials in the random oracle model. Moreover, security and performance analysis show that the proposed scheme can resist different security attacks in cloud computing environment and it is better than existing schemes.

show abstract

Password-based authenticated key exchange in the three-party setting

Cited by 233 publications

References 22 publications

A Simple Threshold Authenticated Key Exchange from Short Secrets

A Simple Threshold Authenticated Key Exchange from Short Secrets

An efficient protocol for two‐party explicit authenticated key agreement

A new secure authentication scheme for cloud computing environment

Contact Info

Product

Resources

About