Reference : On Password-Authenticated Key Exchange Security Modeling
Scientific congresses, symposiums and conference proceedings : Paper published in a book
Engineering, computing & technology : Computer science
Computational Sciences
http://hdl.handle.net/10993/25745
On Password-Authenticated Key Exchange Security Modeling
English
Lancrenon, Jean [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
Mar-2016
Technology and practice of passwords: 9th International Conference, PASSWORDS 2015, Cambridge, UK, December 7-9, 2015, Proceedings
Stajano, Frank
Mjolsnes, Stig
Jenkinson, Graeme
Thorsheim, Per
Springer
LNCS 9551
Yes
International
978-3-319-29937-2
Passwords 2015
from 07-12-2015 to 09-12-2015
University of Cambridge
Cambridge
United Kingdom
[en] Password-authenticated key exchange ; Security models ; Provable security
[en] Deciding which security model is the right one for Authenticated Key Exchange (AKE) is well-known to be a difficult problem. In this paper, we examine definitions of security for Password-AKE (PAKE) in the style proposed by Bellare et al. at Eurocrypt 2000. Indeed, there does not seem to be any consensus, even when narrowing the study down to this particular authentication method and model style, on how to precisely define fundamental notions such as accepting, terminating, and partnering. The aim of this paper is to begin addressing this problem. We first show how definitions vary from paper to paper. We then propose and thoroughly motivate a definition of our own, and use the opportunity to correct a minor flaw in a more recent and more PAKE-appropriate model proposed by Abdalla et al. at Public Key Cryptography 2005. Finally, we argue that the uniqueness of partners holding with overwhelming probability ought to be an explicitly required and proven property for AKE in general, but even more so in the password case, where the optimal security bound one aims to achieve is no longer a negligible value. To drive this last point, we exhibit a protocol that is provably secure following the Abdalla et al. definition, and at the same time fails to satisfy this property.
Interdisciplinary Centre for Security, Reliability and Trust
Fonds National de la Recherche - FnR
Researchers ; Professionals
FnR ; FNR8293135 > Peter Y. A. Ryan > AToMS > A Theory of Matching Sessions > 01/05/2015 > 30/04/2018 > 2014

File(s) associated to this reference

Fulltext file(s):

File: PaperV3.pdf
Version: Author postprint
Size: 450.97 kB
Access: Open access

All documents in ORBilu are protected by a user license.