Paper published in a book (Scientific congresses, symposiums and conference proceedings)
On Password-Authenticated Key Exchange Security Modeling
Lancrenon, Jean
2016 • In Stajano, Frank; Mjolsnes, Stig; Jenkinson, Graeme et al. (Eds.) Technology and practice of passwords: 9th International Conference, PASSWORDS 2015, Cambridge, UK, December 7-9, 2015, Proceedings
Deciding which security model is the right one for Authenticated Key Exchange (AKE) is well-known to be a difficult problem. In this paper, we examine definitions of security for Password-AKE (PAKE) in the style proposed by Bellare et al. at Eurocrypt 2000. Indeed, there does not seem to be any consensus, even when narrowing the study down to this particular authentication method and model style, on how to precisely define fundamental notions such as accepting, terminating, and partnering. The aim of this paper is to begin addressing this problem. We first show how definitions vary from paper to paper. We then propose and thoroughly motivate a definition of our own, and use the opportunity to correct a minor flaw in a more recent and more PAKE-appropriate model proposed by Abdalla et al. at Public Key Cryptography 2005. Finally, we argue that the uniqueness of partners holding with overwhelming probability ought to be an explicitly required and proven property for AKE in general, but even more so in the password case, where the optimal security bound one aims to achieve is no longer a negligible value. To drive this last point, we exhibit a protocol that is provably secure following the Abdalla et al. definition, and at the same time fails to satisfy this property.
Research center :
Interdisciplinary Centre for Security, Reliability and Trust
Disciplines :
Computer science
Author, co-author :
Lancrenon, Jean ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
External co-authors :
no
Language :
English
Title :
On Password-Authenticated Key Exchange Security Modeling
Publication date :
March 2016
Event name :
Passwords 2015
Event organizer :
University of Cambridge
Event place :
Cambridge, United Kingdom
Event date :
from 07-12-2015 to 09-12-2015
Audience :
International
Main work title :
Technology and practice of passwords: 9th International Conference, PASSWORDS 2015, Cambridge, UK, December 7-9, 2015, Proceedings
Editor :
Stajano, Frank
Mjolsnes, Stig
Jenkinson, Graeme
Thorsheim, Per
Publisher :
Springer
ISBN/EAN :
978-3-319-29937-2
Collection name :
LNCS 9551
Peer reviewed :
Peer reviewed
Focus Area :
Computational Sciences
FnR Project :
FNR8293135 - A Theory Of Matching Sessions, 2014 (01/05/2015-30/04/2018) - Peter Y. A. Ryan
Abdalla, M., Benhamouda, F., MacKenzie, P.: Security of the J-PAKE Password-Authenticated Key Exchange Protocol. In: 2015 IEEE Symposium on Security and Privacy (2015)
Abdalla, M., Benhamouda, F., Pointcheval, D.: Public-key encryption indistinguishable under plaintext-checkable attacks. In: Katz, J. (ed.) PKC 2015. LNCS, vol. 9020, pp. 332-352. Springer, Heidelberg (2015). http://dx.doi.org/10.1007/978-3-662-46447-2_15
Abdalla, M., Fouque, P.-A., Pointcheval, D.: Password-based authenticated key exchange in the three-party setting. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 65-84. Springer, Heidelberg (2005). http://dx.doi.org/10.1007/978-3-540-30580-4_6
An, J.H., Dodis, Y., Rabin, T.: On the security of joint signature and encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, p. 83. Springer, Heidelberg (2002). http://dl.acm.org/citation.cfm?id=647087.715701
Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, p. 139. Springer, Heidelberg (2000)
Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232-249. Springer, Heidelberg (1994)
Bellovin, S.M., Merritt, M.: Encrypted key exchange: password-based protocols secure against dictionary attacks. In: 1992 IEEE Computer Society Symposium on Research in Security and Privacy, May 4-6, pp. 72-84 (1992)
Benhamouda, F., Blazy, O., Chevalier, C., Pointcheval, D., Vergnaud, D.: New techniques for SPHFs and efficient one-round PAKE protocols. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 449-475. Springer, Heidelberg (2013). http://dx.doi.org/10.1007/978-3-642-40041-4_25
Boyko, V., MacKenzie, P.D., Patel, S.: Provably secure password-authenticated key exchange using Diffie-Hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, p. 156. Springer, Heidelberg (2000)
Bresson, E., Chevassut, O., Pointcheval, D.: Security proofs for an efficient password-based key exchange. In: Jajodia, S., Atluri, V., Jaeger, T. (eds.) ACM Conference on Computer and Communications Security, pp. 241-250. ACM (2003)
Bresson, E., Chevassut, O., Pointcheval, D.: New security results on encrypted key exchange. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 145-158. Springer, Heidelberg (2004)
Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: Proceedings of the 42nd IEEE Symposium on Foundations of Computer Science, FOCS 2001, p. 136 (2001). http://dl.acm.org/citation.cfm?id=874063.875553
Canetti, R., Halevi, S., Katz, J., Lindell, Y., MacKenzie, P.: Universally composable password-based key exchange. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 404-421. Springer, Heidelberg (2005)
Choo, K.-K.R., Boyd, C., Hitchcock, Y.: Examining indistinguishability-based proof models for key establishment protocols. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 585-604. Springer, Heidelberg (2005). http://dx.doi.org/10.1007/11593447_32
Cremers, C.: Examining indistinguishability-based security models for key exchange protocols: The case of CK, CK-HMQV, and eCK. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2011, NY, USA, pp. 80-91 (2011). http://doi.acm.org/10.1145/1966913.1966925
Diffie, W., Hellman, M.: New directions in cryptography. IEEE Trans. Inf. Theor. 22(6), 644-654 (2006). http://dx.doi.org/10.1109/TIT.1976.1055638
Gennaro, R., Lindell, Y.: A framework for password-based authenticated key exchange. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 524-543. Springer, Heidelberg (2003). http://dx.doi.org/10.1007/3-540-39200-9_33
Goldreich, O., Lindell, Y.: Session-key generation using human passwords only. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, p. 408. Springer, Heidelberg (2001). http://dx.doi.org/10.1007/3-540-44647-8_24
Groce, A., Katz, J.: A new framework for efficient password-based authenticated key exchange. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010, NY, USA, pp. 516-525 (2010). http://doi.acm.org/10.1145/1866307.1866365
Kwon, T.: Authentication and key agreement via memorable password. In: ISOC Network and Distributed System Security Symposium (2001)
Kwon, T.: Practical authenticated key agreement using passwords. In: Zhang, K., Zheng, Y. (eds.) ISC 2004. LNCS, vol. 3225, pp. 1-12. Springer, Heidelberg (2004)
Lucks, S.: Open key exchange: how to defeat dictionary attacks without encrypting public keys. In: Christianson, B., Crispo, B., Lomas, M., Roe, M. (eds.) Security Protocols 1997. LNCS, vol. 1361, pp. 79-90. Springer, Heidelberg (1998). http://dl.acm.org/citation.cfm?id=647215.720526
MacKenzie, P.: The PAK Suite: protocols for password-authenticated key exchange. DIMACS Technical report 2002-46, pp. 7 (2002)
MacKenzie, P., Patel, S., Swaminathan, R.: Password-authenticated key exchange based on RSA. Int. J. Inf. Secur. 9(6), 387-410 (2010). http://dx.doi.org/10.1007/s10207-010-0120-3
Pointcheval, D.: Password-based authenticated key exchange. In: Fischlin, M., Buchmann, J., Manulis, M. (eds.) PKC 2012. LNCS, vol. 7293, pp. 390-397. Springer, Heidelberg (2012)
Shoup, V.: On Formal Models for Secure Key Exchange. Cryptology ePrint Archive, Report 1999/012 (1999). http://eprint.iacr.org/1999/012