基于RSA的网关口令认证密钥交换协议

网关口令认证密钥交换协议是一个三方协议,使得用户和网关在服务器的协助下建立起一个安全的会话密钥,从而实现用户和网关之间的安全通信.已有的网关口令认证密钥交换协议都是基于Diffie-Hellman密钥交换设计的.利用张木想所设计的PEKEP协议,提出了基于RSA体制的可证明安全的网关口令认证密钥交换协议.在随机预言模型...     

标准模型下网关口令认证密钥交换协议的通用框架

网关口令认证密钥交换协议允许用户和网关在服务器的协助下建立起一个共享的会话密钥.网关口令协议适用于无线通信环境,如GSM和3GPP等.已有的网关口令认证密钥交换协议大多缺乏严格的安全证明,或者是在随机预言模型下证明安全的.该文采用模块化的设计方法提出了在标准模型下构造网关口令协议的通用框架.通用框架可以实现双向认证并且能够抵抗不可检测在线字典攻击,因此具有更强的安全性.利用DDH假设、二次剩余假设和N次剩余假设对通用框架进行实例化可以得到不同的标准模型下可证明安全的网关口令协议.     

一个前向安全的基于口令认证的三方密钥交换协议

目前,文献中提出的基于口令认证的密钥交换协议,很多都是针对两方的情形设计的,即通信双方为客户与服务器,它们通过一个预先共享的口令来进行认证的密钥交换.随着现代通信环境的快速变化,需要能为任意客户间构建一个端到端的安全信道,这种应用的情形与那些文献中所考虑的有很大区别.针对这种情形,文中提出了一个可证前向安全的基于口令认证的三方密钥交换协议,使通信双方在认证服务器的帮助下能相互进行认证并建立一个会话密钥.与前人提出的基于口令认证的三方密钥交换协议相比,该协议在计算代价和通信代价上都较有效,因而更适用于资源受限的环境.此协议的安全性是在口令型的选择基Gap Diffie-Hellman问题难解的假设前提下在随机谕示模型下证明的.     

具有强匿名性的网关口令认证密钥交换协议

网关口令认证密钥交换协议允许用户和网关在服务器的协助下建立起一个共享的会话密钥,其中用户和服务器之间的认证通过低熵的口令来完成.已有的网关口令认证密钥交换协议对用户的匿名性研究不足.该文基于Diffie-Hellman密钥交换提出了具有强匿名性的网关口令认证密钥交换协议,并且在随机预言模型下基于标准的DDH假设证明了协议的安全性.新协议可以抵抗不可检测在线字典攻击并且计算效率高,安全性和计算效率都优于已有的同类协议.     

强安全性的三方口令认证密钥交换协议

基于可证明安全的AugPAKE协议,提出一种具有强安全性的三方口令认证密钥交换(3PAKE)协议,协议中避免使用服务器的公钥进行认证,以保证执行效率.安全性分析结果表明,该协议可抵抗字典攻击、服务器泄露攻击等已知攻击,并具有对服务器的密钥保密性以及前向安全性.在随机预言模型下,基于DDH、SDH假设证明了该协议的安全性.     

基于混沌映射的用户匿名三方口令认证密钥协商协议

在基于混沌的三方口令认证密钥协商协议中,用户通过低熵的口令实现相互认证和共享会话密钥,以避免在身份认证过程中公钥基础设施或存储用户长期密钥的安全威胁。通过分析Lee提出的基于混沌映射的口令认证密钥协商协议,发现其协议不能进行口令变更,而且仅适用于用户和服务器之间的两方通信。为了改进此方案,提出两个基于切比雪夫混沌映射的用户匿名三方口令认证密钥协商协议,包括基于时钟同步的密钥协商方案和基于随机数的密钥协商方案。其中基于时钟同步的用户匿名三方口令认证密钥协商协议通信量少,基于随机数的用户匿名三方口令认证密钥协商协议更容易实现。两个方案的优点是用户仅选择一个简单的口令进行相互认证和密钥协商,服务器不需要再保护用户口令表,避免了口令相关的攻击,而且在相互认证过程中用户使用临时身份和哈希函数,实现用户匿名性,在增强协议安全性的同时,减少了通信过程中消息的数量,提高了协议的执行效率,具有完美前向安全,并用BAN逻辑证明了其安全性。     

标准模型下隐私保护的多因素密钥交换协议

多因素认证密钥交换协议融合多种不同的认证因素来实现强安全的身份认证和访问控制,在具有高级别安全应用需求的移动泛在服务中具有巨大的应用潜力.现阶段多因素协议的研究成果还不丰富,并且已有协议都是在随机预言模型下可证明安全的.以两方口令认证密钥交换协议、鲁棒的模糊提取器以及签名方案为基本组件提出了一个标准模型下可证明安全的多因素协议.本文的协议中服务器不知道用户的生物模板,因此实现了对生物信息的隐私保护.与已有的随机预言模型下的多因素协议相比,本文的协议在满足更高安全性的同时具有更高的计算效率和通信效率,因此更满足高级别安全的移动泛在服务的应用需求.     

改进的三方口令验证元认证密钥交换协议

在三方口令认证密钥交换（三方PAKE）协议中,每个用户仅仅需要和服务器共享一个口令,就可以在服务器的协助下与他人进行安全的密钥交换.由于有效地减少了用户管理口令的负担,三方PAKE协议在大规模用户集的安全通信中受到了较多关注.然而,已有的三方PAKE协议大多关注的是服务器利用明文存储用户口令的情形,没有考虑服务器口令文件泄露所造成的巨大威胁.在服务器端存放的是相应于用户口令的验证元的情形下,研究三方PAKE协议的分析和设计.首先分析了一个最近提出的基于验证元的三方PAKE协议,指出该协议易于遭受离线字典攻击,因此未能达到所宣称的安全性;其次,在分析已有协议设计缺陷的基础上,提出了一个新的基于验证元的三方PAKE协议,并在标准模型下证明了所设计的协议的安全性,与已有协议的比较表明,新提出的协议在提供了更高安全性的同时具有可接受的计算和通信效率.     

基于RLWE的双因子三方认证密钥交换协议

为了使格上Diffie-Hellman式密钥交换协议能够实现认证性并且适用于客户-服务器-客户模式的大规模通信,提出了一个基于环上误差学习RLWE的双因子三方认证密钥交换协议。该协议将口令和生物特征作为客户的长期密钥,实现服务器对客户的显式身份认证。首先利用环上误差学习的困难问题的优势（密钥及密文尺寸短、运行效率高）来构造密码体制;其次服务器通过口令和生物特征的哈希值传递环元素,并结合丁式错误协调机制使得通信方获得随机均匀的会话密钥。最后分析表明,该协议适用于大规模通信,提高了通信量,具有更高的安全属性,可以抵抗口令泄露用户假冒攻击。     

简单的三方口令密钥交换协议

基于口令认证的三方密钥交换协议（3PAKE）是通信双方在认证服务器的帮助下能在公开非安全的信道上协商并建立一个共享会话密钥。虽然目前有不少该方面的研究,但多数后来被证实易受攻击。本文给合以往的研究,提出一个不需服务器公钥体系的简单的基于口令认证的三方密钥交换协议。本文的协议不仅能抵抗各种攻击,而且计算成本和通信成本都比较低。     

Provably secure three-party password authenticated key exchange protocol in the standard model

Three-party password authenticated key exchange protocol is a very practical mechanism to establish secure session key through authenticating each other with the help of a trusted server. Most three-party password authenticated key exchange protocols only guarantee security in the random oracle model. However, a random oracle based cryptographic construction may be insecure when the oracle is replaced by real function. Moreover, some previous unknown attacks appear with the advance of the adversary capability. Therefore, a suitable standard model which can imitate a wider variety of attack scenarios for 3PAKE protocol is needed. Aim at resisting dictionary attack, unknown key-share attack and password-compromise impersonation attack, an expanded standard model for 3PAKE protocol is given. Meanwhile, through applying ElGamal encryption scheme and pseudorandom function, a specific three-party password authenticated key exchange protocol is proposed. The security of the proposed protocol is proven in the new standard model. The result shows that the present protocol has stronger security by comparing with other existing protocols, which covers the following security properties: (1) semantic security, (2) key privacy, (3) client-to-server authentication, (4) mutual authentication, (5) resistance to various known attacks, and (6) forward security.     

A communication-efficient three-party password authenticated key exchange protocol

Three-party password authenticated key exchange (3PAKE) protocols allow two users (clients) to establish a session key through an authentication server over an insecure channel. Clients only share an easy-to-remember password with the trusted server. In the related literature, most schemes employ the server public keys to ensure the identities of both the servers and symmetric cryptosystems to encrypt the messages. This paper describes an efficient 3PAKE based on LHL-3PAKE proposed by Lee et al. Our 3PAKE requires neither the server public keys nor symmetric cryptosystems such as DES. The formal proof of security of our 3PAKE is based on the computational Diffie-Hellman assumption in the random oracle model along with a parallel version of the proposed 3PAKE. The comparisons have shown that our 3PAKE is more practical than other 3PAKEs.     

An efficient client–client password-based authentication scheme with provable security

Recently, Tso proposed a three-party password-based authenticated key exchange (3PAKE) protocol. This protocol allows two clients to authenticate each other and establish a secure session key through a server over an insecure channel. The main security goals of such protocols are authentication and privacy. However, we show that Tso’s protocol achieves neither authentication goal nor privacy goal. In this paper, we indicate that the privacy and authentication goals of Tso’s protocol will be broken by off-line password guessing attack and impersonation attack, respectively. To overcome the weaknesses, we propose an improved 3PAKE protocol to achieve more security and performance than related protocols. The security of the proposed improved protocol is proved in random oracle model.     

An novel three-party authenticated key exchange protocol using one-time key

Three-party authenticated key exchange protocol (3PAKE) is an important cryptographic technique for secure communication which allows two parties to agree a new secure session key with the help of a trusted server. In this paper, we propose a new three-party authenticated key exchange protocol which aims to achieve more efficiency with the same security level of other existing 3PAKE protocols. Security analysis and formal verification using AVISPA tools show that the proposed protocol is secure against various known attacks. Comparing with other typical 3PAKE protocols, the proposed protocol is more efficient with less computation complexity.     

Provably secure three-party password-based authenticated key exchange protocol

A three-party password-based authenticated key exchange (3PAKE) protocol is a useful mechanism to establish a secure session key in a network. However, most current 3PAKE protocols only achieve “heuristic” security; the underlying hardness assumptions of these protocols are not perfect. We propose a 3PAKE protocol which is provably secure if the Diffie–Hellman problem is computationally infeasible (the CDH assumption), even in the 3eCK model where the adversary is allowed to make more queries and have more freedom than previous models. In our formal proof, we use the trapdoor test technique introduced by Cash, Kiltz and Shoup to construct an efficient decision oracle. As far as we know, our protocol is the first provably secure 3PAKE protocol based on the CDH assumption and the first 3PAKE protocol using the trapdoor test technique for the security proof.     

适用于双方频繁通信的密钥交换协议

首先对以前提出的一个高效的基于验证元的三方密钥交换协议进行了安全性分析,指出了它容易受到服务器密钥泄露攻击等安全威胁,且缺乏前向安全性;并以此为基础,针对大多数现存的基于验证元的3PAKE协议均难以抵御服务器密钥泄露攻击的现状,提出了一个新的3PAKE协议。通过安全性分析,证明了新协议比原协议更安全,能够抵御各种已知的攻击,且与现有的大多数同类协议相比具有更高的效率。     

A provably secure and efficient two‐party password‐based explicit authenticated key exchange protocol resistance to password guessing attacks

Password‐based two‐party authenticated key exchange (2PAKE) protocol enables two or more entities, who only share a low‐entropy password between them, to authenticate each other and establish a high‐entropy secret session key. Recently, Zheng et al. proposed a password‐based 2PAKE protocol based on bilinear pairings and claimed that their protocol is secure against the known security attacks. However, in this paper, we indicate that the protocol of Zheng et al. is insecure against the off‐line password guessing attack, which is a serious threat to such protocols. Consequently, we show that an attacker who obtained the users' password by applying the off‐line password guessing attack can easily obtain the secret session key. In addition, the protocol of Zheng et al. does not provide the forward secrecy of the session key. As a remedy, we also improve the protocol of Zheng et al. and prove the security of our enhanced protocol in the random oracle model. The simulation result shows that the execution time of our 2PAKE protocol is less compared with other existing protocols. Copyright © 2015 John Wiley & Sons, Ltd.