A New C2C-PAKE Protocol in Cross-Realm Setting

Author

Liu Xiu-mei ; Zhou Fu-cai ; Chang Gui-Ran

Author_Institution

Comput. Center, Northeastern Univ., Shenyang

fYear

2008

fDate

30-31 Dec. 2008

Firstpage

562

Lastpage

565

Abstract

Most existing cross-realm client-to-client (C2C) key exchange protocols are based on password authentication, which are vulnerable to password guessing attacks. Sun et al. and Lee et al. have proposed three-party key exchange protocols respectively, which achieve higher security through verifier authentication instead of password authentication. However, their key exchange protocols can only be used in single-server C2C setting. In this paper, we propose a new cross-realm C2C-PAKE protocol, which is based on verifier authentication, and enable two clients to agree on a common session key with assistance of two servers in different realms. The protocol is shown to be resistant against various attacks including password guessing attacks and server compromise attack.

Keywords

authorisation; cryptographic protocols; private key cryptography; C2C-PAKE protocol; client-to-client key exchange; cross-realm setting; key exchange protocols; password guessing attacks; security; server compromise attack; verifier authentication; Authentication; Electronic mail; Information science; Information technology; Multimedia computing; Protocols; Public key; Resists; Security; Sun; cross-realm; key exchange; password-authentication; verifier-based;

fLanguage

English

Publisher

ieee

Conference_Titel

MultiMedia and Information Technology, 2008. MMIT '08. International Conference on

Conference_Location

Three Gorges

Print_ISBN

978-0-7695-3556-2

Type

conf

DOI

10.1109/MMIT.2008.83

Filename

5089185