An Efficient and Provably Secure Cross-Realm Client-to-Client Password-Authenticated Key Agreement Protocol with Smart Cards

Authors:
Wenting Jin;Jing Xu
Affiliations:
State Key Laboratory of Information Security, Graduate University of Chinese Academy of Sciences, Beijing, P.R. China;State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing, P.R. China
Venue:
CANS '09 Proceedings of the 8th International Conference on Cryptology and Network Security
Year:
2009

Citing 11
Cited 2

Password-Authenticated Key Exchange between Clients with Different Passwords

ICICS '02 Proceedings of the 4th International Conference on Information and Communications Security
EC2C-PAKA: An efficient client-to-client password-authenticated key agreement

Information Sciences: an International Journal
Two-factor mutual authentication based on smart cards and passwords

Journal of Computer and System Sciences
A New Client-to-Client Password-Authenticated Key Agreement Protocol

IWCC '09 Proceedings of the 2nd International Workshop on Coding and Cryptology
Authenticated key exchange secure against dictionary attacks

EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Cryptanalysis of two provably secure cross-realm C2C-PAKE protocols

INDOCRYPT'06 Proceedings of the 7th international conference on Cryptology in India
Interactive diffie-hellman assumptions with applications to password-based authentication

FC'05 Proceedings of the 9th international conference on Financial Cryptography and Data Security
A secure password-authenticated key exchange between clients with different passwords

APWeb'06 Proceedings of the 2006 international conference on Advanced Web and Network Technologies, and Applications
Password-Based authenticated key exchange in the three-party setting

PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
Cryptanalysis of an improved client-to-client password-authenticated key exchange (C2C-PAKE) scheme

ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
Secure cross-realm C2C-PAKE protocol

ACISP'06 Proceedings of the 11th Australasian conference on Information Security and Privacy

Cross-realm password-based server aided key exchange

WISA'10 Proceedings of the 11th international conference on Information security applications
Cryptanalysis of a provably secure cross-realm client-to-client password-authenticated key agreement protocol of CANS '09

CANS'11 Proceedings of the 10th international conference on Cryptology and Network Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Cross-realm client-to-client password-authenticated key agreement (C2C-PAKA) protocols provide an authenticated key exchange between two clients of different realms, who only share their passwords with their own servers. Recently, several such cross-realm C2C-PAKA protocols have been suggested in the private-key (symmetric ) setting, but all of these protocols are found to be vulnerable to password-compromise impersonation attacks. In this paper, we propose our innovative C2C- PAKA-SC protocol in which smart cards are first utilized in the cross-realm setting so that it can resist all types of common attacks including password-compromise impersonation attacks and provide improved efficiency. Moveover, we modify the original formal security model to adapt our proposed protocol and present a corresponding security proof.