Skip to main content
SpringerLink
Log in

EPA: An Efficient Password-Based Protocol for Authenticated Key Exchange

  • Conference paper
  • First Online:
Information Security and Privacy (ACISP 2003)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2727))

Included in the following conference series:

Abstract

A password-based protocol for authenticated key exchange must provide security against attacks using low entropy of a memorable password. We propose a new password-based protocol for authenticated key exchange, EPA (Efficient Password-based protocol for Authenticated key exchange), which has smaller computational and communicational workloads than previously proposed protocols with the same security requirements. EPA is an asymmetric model in which each client has a password and the server has a password file. While the server’s password file is compromised, the client’s password is not directly exposed. However, if the adversary mounts an additional dictionary attack, he can obtain the client’s password. By using a modified amplified password file, we construct EPA+, which is secure against dictionary attack and server impersonation even if the server’s password file is compromised.

This research was supported by University IT Research Center Project, the Brain Korea 21 Project, and Com2MaC-KOSEF.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. M. Bellare and P. Rogaway, Entity authentication and key distribution, Crypto’93, pages 232–249, 1993.

    Google Scholar 

  2. M. Bellare D. Pointcheval, and P. Rogaway, Authenticated Key Exchange Secure Against Dictionary Attacks, Eurocrypt 2000, pages 139–155, 2000.

    Google Scholar 

  3. S. Bellovin and M. Merritt, Encrypted Key Exchange: Password-based protocols secure against dictionary attacks, Proceedings of IEEE Security and Privacy, pages 72–84, 1992.

    Google Scholar 

  4. V. Boyko, P. MacKenzie, and S. Patel, Provably secure password authenticated key exchange using Diffie-Helman, Eurocrypt 2000, pages 156–171, 2000.

    Google Scholar 

  5. D. Denning and G. Sacco, Timestamps in key distribution protocols, Communications of the ACM, vol 24, no 8, pages 533–536, 1981.

    Article  Google Scholar 

  6. V. S. Dimitrov, G. A. Jullien, and W. C. Miller, Complexity and fast algorithms for multi-exponentiations, IEEE Transactions on Computers, vol 49, no 2, pages 141–147, 2000.

    Article  MathSciNet  Google Scholar 

  7. D. Jablon, Extended password key exchange protocols immune to dictionary attack, In WETICE’97 Workshop on Enterprise Security, 1997.

    Google Scholar 

  8. K. Kobara and H. Imai, Pretty-Simple Password-Authenticated Key-Exchange Under Standard Assumptions, Cryptology ePrint Archive, Report 2003/038, 2003.

    Google Scholar 

  9. T. Kwon, Authentication and key agreement via memorable password, Proceedings of the ISOC NDSS Symposium, 2001.

    Google Scholar 

  10. P. MacKenzie, More efficient password-authenticated key exchange, Progress in Cryptology — CT-RSA 2001, pages 361–377, 2001.

    Google Scholar 

  11. P. MacKenzie, The PAK suit: Protocols for Password-Authenticated Key Exchange, http://grouper.ieee.org/groups/1363/passwdPK/contributions.html#Mac02, April, 2002.

    Google Scholar 

  12. B. Moeller, Algorithm for multi-exponentiation, In Selected Areas in Cryptography, SAC 2001, pages 165–180, 2001.

    Google Scholar 

  13. P. van Oorschot and M. Wiener, On Diffie-Hellman key agreement with short exponents, Eurocrypt’96, pages 332–343, 1994.

    Google Scholar 

  14. D. G. Park, C. Boyd, and S. J. Moon, Forward Secrecy and Its Application to Futher Mobile Communications Security, Public Key Cryptography, PKC 2000, pages 433–445, 2000.

    Google Scholar 

  15. S. Pohlig and M. Hellman, An improved algorithm for computing logarithms over GF(p) and its cryptographic significance, IEEE Transactions on Information Theory, vol 24, no 1, pages 106–110, 1978.

    Article  MATH  MathSciNet  Google Scholar 

  16. J. Pollard, Monte Carlo methods for index computation mod p, Math. of computation, pages 918–924, 1978.

    Google Scholar 

  17. V. Shoup, On formal models for secure key exchange, IBM Research Report RZ 3120, April, 1999.

    Google Scholar 

  18. T. Wu, Secure remote password protocol, Proceedings of the ISOC NDSS Symposium, pages 99–111, 1998.

    Google Scholar 

  19. S. M. Yen, C. S. Laih, and A. K. Lenstra, Multi-exponentiation (cryptographic protocols), Computers and Digital Techniques, IEEE Proceedings, vol 141, no 6, pages 325–326, 1994.

    Article  MATH  Google Scholar 

  20. IEEE P1363.2: Standard Specifications for Password-Based Public Key Cryptography Techniques, Draft D7, December 20, 2002. http://grouper.ieee.org/group/1363/.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Electronic and Electrical Engineering, Pohang University of Science & Technology (POSTECH), San 31 Hyoja-dong, Nam-gu, Pohang, Kyoungbuk, 790-784, Rep. of Korea

    Yong Ho Hwang, Dae Hyun Yum & Pil Joong Lee

Authors
  1. Yong Ho Hwang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Dae Hyun Yum
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Pil Joong Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. School of Information Technology and Computer Science, University of Wollongong, Wollongong, NSW, 2522, Australia

    Rei Safavi-Naini  & Jennifer Seberry  & 

Rights and permissions

Reprints and permissions

Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Hwang, Y.H., Yum, D.H., Lee, P.J. (2003). EPA: An Efficient Password-Based Protocol for Authenticated Key Exchange. In: Safavi-Naini, R., Seberry, J. (eds) Information Security and Privacy. ACISP 2003. Lecture Notes in Computer Science, vol 2727. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45067-X_39

Download citation

  • DOI: https://doi.org/10.1007/3-540-45067-X_39

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-40515-3

  • Online ISBN: 978-3-540-45067-2

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation