Reference : PROVABLE SECURITY ANALYSIS FOR THE PASSWORD AUTHENTICATED KEY EXCHANGE PROBLEM
Dissertations and theses : Doctoral thesis
Engineering, computing & technology : Computer science
Security, Reliability and Trust
http://hdl.handle.net/10993/39511
English
Lopez Becerra, José Miguel [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
14-May-2019
University of Luxembourg, Esch-Uelzecht, Luxembourg
DOCTEUR DE L’UNIVERSITÉ DU LUXEMBOURG EN INFORMATIQUE
134
Ryan, Peter
Ostrev, Dimiter
Coron, Jean-Sébastien
Abdalla, Michel
Kremer, Steve
[en] provable security ; password-based authenticated key-exchange ; passwords ; computational model ; forward secrecy ; tight reductions
[en] Password-based Authenticated Key-Exchange (PAKE) protocols allow the establishment of secure communications despite a human-memorable password being the only secret that is previously shared between the participants. More than 25 years after the initial proposal, the PAKE problem remains an active area of research, probably due to the vast number of passwords deployed on the internet, as password-based authentication still constitutes the most extensively used method for user authentication. In this thesis, we consider the computational complexity approach to improve the current understanding of the security provided by previously proposed PAKE protocols and their corresponding security models. We expect that this work contributes to the standardization, adoption and more efficient implementation of the considered protocols.

Our first contribution concerns forward secrecy for the SPAKE2 protocol of Abdalla and Pointcheval (CT-RSA 2005). We prove that the SPAKE2 protocol satisfies the so-called notion of weak forward secrecy. Furthermore, we demonstrate that the incorporation of key-confirmation codes in the original SPAKE2 results in a protocol that provably satisfies the stronger notion of perfect forward secrecy. As forward secrecy is an explicit requirement for cipher suites supported in the TLS handshake, we believe our results fill the gap in the literature and facilitate the adoption of SPAKE2 in the recently approved TLS 1.3.

Our second contribution concerns tight security reductions for EKE-based protocols. We present a security reduction for the PAK protocol instantiated over Gap Diffie-Hellman groups that is tighter than previously known reductions. We discuss the implications of our results for concrete security. Our proof is the first to show that the PAK protocol can provide meaningful security guarantees for parameter values typical in today's world.

Finally, we study the relation between two well-known security models for PAKE protocols. Security models for PAKEs aim to capture the desired security properties that such protocols must satisfy when executed in the presence of an adversary. They are usually classified as i) indistinguishability-based (IND-based) or ii) simulation-based (SIM-based); however, controversy remains within the research community regarding which security model best reflects the capabilities that an adversary is supposed to have in real-world scenarios. Furthermore, the relation between these two security notions is unclear and is mentioned as a gap in the literature. We prove that SIM-BMP security from Boyko et al. (EUROCRYPT 2000) implies IND-RoR security from Abdalla et al. (PKC 2005) and that IND-RoR security is equivalent to a slightly modified version of SIM-BMP security. We also investigate whether IND-RoR security implies (unmodified) SIM-BMP security.
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Applied Security and Information Assurance Group (APSIA)
Fonds National de la Recherche - FnR
Researchers ; Professionals ; Students
FnR ; FNR8293135 > Peter Y. A. Ryan > AToMS > A Theory of Matching Sessions > 01/05/2015 > 30/04/2018 > 2014

File(s) associated to this reference

Fulltext file(s):

File: joseBecerraPhD.pdf ; Version: Author postprint ; Size: 1.12 MB ; Access: Open access

Additional material(s):

File: josePhDpresentation.pdf ; Commentary: Thesis presentation ; Size: 3.21 MB ; Access: Open access

All documents in ORBilu are protected by a user license.