Split Password-Based Authenticated Key Exchange

  • Published : 2004.10.01

Abstract

This paper presents a password-based authentication and key exchange protocol that can be used both for authenticating users and for exchanging session keys for subsequent secure communication over an untrusted network. Our idea is to increase the randomness of the password verification data: we split the password and then amplify the split passwords in high-entropy-structured password verification data. To prevent the verifier-compromised attack, we construct our system so that the password verification data is encrypted with the verifier's key, and the private key of the verifier used to encrypt it is stored in a secure place such as a smart card. We also propose a distributed password authentication scheme that uses many authentication servers, in order to prevent the server-compromised attack that can occur when only one server is used. Finally, a security analysis of the proposed protocol is presented as a conclusion.

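This paper proposes a password-based authentication protocol suited to authenticating users and exchanging session keys for secure encrypted communication, even over an untrusted network. The basic idea is to split the password and then design a structure that amplifies each piece of split password knowledge, in order to increase the randomness of the password verification information. In addition, the server's verifier file is stored encrypted, so that the scheme is robust against offline dictionary-guessing attacks arising from compromise of the server file. We also propose a scheme designed so that the verifier file and the server's encryption key are distributed across multiple servers.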
