DocumentCode :
1836650
Title :
Efficient and Secure Cross-Realm Client-to-Client Password-Authenticated Key Exchange
Author :
Chuang, Po-Jen ; Liao, Yi-Ping
Author_Institution :
Dept. of Electr. Eng., Tamkang Univ. Tamsui, Taipei, Taiwan
fYear :
2012
fDate :
26-29 March 2012
Firstpage :
701
Lastpage :
708
Abstract :
To conduct secure communications in wireless networks, clients must create safer keys from the recorded less secure passwords -- known as Password-Authenticated Key Exchange (PAKE). As attacker capability has evolved quickly, PAKE protocols must progress with time to fight against possible attacks. This paper makes an analytical survey on current cross-realm client-to-client (C2C) PAKE protocols and based on the Smart Card Framework Agreement develops a new and stronger C2C PAKE protocol to deal with malicious attacks. The new protocol involves client passwords, Smart Card information and server private keys to build a security protection mechanism which maneuvers by Mod calculation, Asymmetric encryption and Diffie-Hellman operations and is able to maintain communication security even when client passwords and server private keys are snatched. To verify the security of various C2C PAKE protocols -- including ours, we employ Yoneyama's Security Model which can verify even Key-Compromise Impersonation (KCI) and Leakage of Ephemeral Private (LEP) attacks. Cost comparisons -- covering calculation times and complexity -- are also provided. The results show that our protocol achieves notably better security at reasonable cost.
Keywords :
computer network security; cryptographic protocols; radio networks; smart cards; C2C PAKE protocols; Diffie-Hellman operations; KCI; LEP attacks; Mod calculation; asymmetric encryption; cross-realm client-to-client PAKE protocols; key-compromise impersonation; leakage of ephemeral private attacks; password-authenticated key exchange; secure communications; secure passwords; smart card framework agreement; wireless networks; Authentication; Encryption; Protocols; Resists; Servers; Smart cards; client-to-client password-authenticated key exchange (C2C PAKE); cross-realm; performance evaluation; security models; smart cards;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Advanced Information Networking and Applications (AINA), 2012 IEEE 26th International Conference on
Conference_Location :
Fukuoka
ISSN :
1550-445X
Print_ISBN :
978-1-4673-0714-7
Type :
conf
DOI :
10.1109/AINA.2012.128
Filename :
6184938