Reference : On Composability of Game-based Password Authenticated Key Exchange
Scientific congresses, symposiums and conference proceedings : Paper published in a book
Engineering, computing & technology : Computer science
Security, Reliability and Trust
http://hdl.handle.net/10993/44035
On Composability of Game-based Password Authenticated Key Exchange
English
Skrobot, Marjan mailto [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
Lancrenon, Jean mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Apr-2018
2018 IEEE European Symposium on Security and Privacy (EuroS&P)
Skrobot, Marjan mailto
Lancrenon, Jean mailto
IEEE
443-457
Yes
No
International
978-1-5386-4228-3
London
UK
2018 IEEE European Symposium on Security and Privacy (EuroS&P)
April 24-26, 2018
IEEE
London
United Kingdom
[en] PAKE ; Composability ; Game-based ; Passwords ; Key Exchange ; Authentication
[en] It is standard practice that the secret key derived from an execution of a Password Authenticated Key Exchange (PAKE) protocol is used to authenticate and encrypt some data payload using a Symmetric Key Protocol (SKP). Unfortunately, most PAKEs of practical interest are studied using so-called game-based models, which – unlike simulation models – do not guarantee secure composition per se. However, Brzuska et al. (CCS 2011) have shown that middle ground is possible in the case of authenticated key exchange that relies on Public- Key Infrastructure (PKI): the game-based models do provide secure composition guarantees when the class of higher-level applications is restricted to SKPs. The question that we pose in this paper is whether or not a similar result can be exhibited for PAKE. Our work answers this question positively. More specifically, we show that PAKE protocols secure according to the game-based Real-or-Random (RoR) definition with the weak forward secrecy of Abdalla et al. (S&P 2015) allow for safe composition with arbitrary, higher-level SKPs. Since there is evidence that most PAKEs secure in the Find-then-Guess (FtG) model are in fact secure according to RoR definition, we can conclude that nearly all provably secure PAKEs enjoy a certain degree of composition, one that at least covers the case of implementing secure channels.
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Applied Security and Information Assurance Group (APSIA)
Atoms
http://hdl.handle.net/10993/44035

File(s) associated to this reference

Fulltext file(s):

FileCommentaryVersionSizeAccess
Open access
Composition of PAKE.pdfPublisher postprint437.79 kBView/Open

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.