1 research outputs found
Persistent Asymmetric Password-Based Key Exchange
Asymmetric password based key exchange is a key exchange protocol where a
client and a server share a low entropic password while the server additionally
owns a high entropic secret for a public key. There are simple solutions for
this (e.g. Halevi and Krawczyk (ACM TISSEC 1999) and its improvement by
Boyarsky (CCS 1999)). In this paper, we consider a new threat to this type of
protocol: if a server's high entropic secret gets compromised (e.g., due to
cryptanalysis, virus attack or a poor management), the adversary might {\em
quickly} break lots of passwords and cause uncountable damage. In this case,
one should not expect the protocol to be secure against an off-line dictionary
attack since, otherwise, the protocol is in fact a secure password-only key
exchange where the server also only has a password (by making the server high
entropic secret public). Of course a password-only key exchange does not suffer
from this threat as the server does not have a high entropic secret at all.
However, known password-only key exchange are not very efficient (note: we only
consider protocols without random oracles). This motivates us to study
efficient and secure asymmetric password key exchange that avoids the new
threat. In this paper, we first provide a formal model for the new threat,
where essentially we require that the active adversary can break
passwords in steps (for ) only with a
probability negligibly close to for some . Then, we
construct a framework of asymmetric password based key exchange. We prove that
our protocol is secure in the usual sense. We also show that it prevents the
new threat. To do this, we introduce a new technique by abstracting a
probabilistic experiment from the main proof and providing a neat analysis of
it.Comment: 22 page