Paper 2012/397

Cross-Domain Password-Based Authenticated Key Exchange Revisited

Liqun Chen, Hoon Wei Lim, and Guomin Yang

Abstract

We revisit the problem of cross-domain secure communication between two users belonging to different security domains within an open and distributed environment. Existing approaches presuppose that either the users are in possession of public key certificates issued by a trusted certificate authority (CA), or the associated domain authentication servers share a long-term secret key. In this paper, we propose a variety of four-party password-based authenticated key exchange (4PAKE) protocols that take a different approach from previous work. The users are not required to have public key certificates, but they simply reuse their login passwords they share with their respective domain authentication servers. On the other hand, the authentication servers, assumed to be part of a standard PKI, act as ephemeral CAs that "certify'' some key materials that the users can subsequently use to exchange and agree on a session key. Moreover, we adopt a compositional approach. That is, by treating any secure two-party password-based key exchange (2PAKE) protocol and two-party asymmetric-key/symmetric-key based key exchange (2AAKE/2SAKE) protocol as black boxes, we combine them to obtain generic and provably secure 4PAKE protocols. We also show that one can derive a 4PAKE protocol from just a 2PAKE protocol.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Minor revision. ACM Transactions on Information and System Security (TISSEC), to appear.
Keywords
Password-based protocolkey exchangecross-domainclient-to-client.
Contact author(s)
hoonwei @ gmail com
History
2014-01-22: last of 4 revisions
2012-07-23: received
See all versions
Short URL
https://ia.cr/2012/397
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2012/397,
      author = {Liqun Chen and Hoon Wei Lim and Guomin Yang},
      title = {Cross-Domain Password-Based Authenticated Key Exchange Revisited},
      howpublished = {Cryptology {ePrint} Archive, Paper 2012/397},
      year = {2012},
      url = {https://eprint.iacr.org/2012/397}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.