Undetectable on-line password guessing attacks
ACM SIGOPS Operating Systems Review
Efficient and Strongly Secure Password-Based Server Aided Key Exchange (Extended Abstract)
INDOCRYPT '08 Proceedings of the 9th International Conference on Cryptology in India: Progress in Cryptology
Anonymous and Transparent Gateway-Based Password-Authenticated Key Exchange
CANS '08 Proceedings of the 7th International Conference on Cryptology and Network Security
Authenticated key exchange secure against dictionary attacks
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
A framework for password-based authenticated key exchange
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
INDOCRYPT'06 Proceedings of the 7th international conference on Cryptology in India
A simple threshold authenticated key exchange from short secrets
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Interactive diffie-hellman assumptions with applications to password-based authentication
FC'05 Proceedings of the 9th international conference on Financial Cryptography and Data Security
One-Time verifier-based encrypted key exchange
PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
Password-Based authenticated key exchange in the three-party setting
PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
Universally composable password-based key exchange
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Hi-index | 0.00 |
A gateway-oriented password-based authenticated key exchange (GPAKE) is a three-party protocol, which allows a client and a gateway to establish a common session key with the help of an authentication server. To date, most of the published GPAKE protocols have been subjected to undetectable on-line dictionary attacks. The security models for GPAKE are not strong enough to capture such attacks. In this paper, we define a new security model for GPAKE, which is stronger than previous models and captures desirable security requirement of GPAKE. We also propose an efficient GPAKE protocol and prove its security under the DDH assumption in our model. Our scheme assumes no preestablished secure channels between the gateways and the server unlike previous schemes, but just authenticated channels between them. Compared with related schemes, our protocol achieves both higher efficiency and stronger security.