JISE Vol.27 No.4#17

[ 1]

[ 2]

[ 3]

[ 4]

[ 5]

[ 6]

[ 7]

[ 8]

[ 9]

[ 10]

[ 11]

[ 12]

[ 13]

[ 14]

[ 15]

[ 16]

[ 17]

[ 18]

Journal of Information Science and Engineering, Vol. 27 No. 4, pp. 1487-1501 (July 2011)

Secure Verifier-Based Three-Party Key Exchange in the Random Oracle Model^*

HUNG-YU CHIEN
Department of Information Management
National Chi Nan University
Puli, 545 Taiwan

A Three Party password Authenticated Key Exchange protocol (3PAKE) facilitates two clients to establish authenticated session keys via the help of a trusted server. This approach enhances the scalability of key agreement issue and facilitates users’ convenience in distributed environments. In this paper, we show the security weaknesses of previous works, and then propose our new scheme, using password verifiers. The scheme is efficient, and the key indistinguishability is proved relative to the computational Diffie-Hellman problem. It is the first provably secure verifier-based 3PAKE protocol.

Keywords: authentication, key agreement, three-party password authenticated key exchange protocol, password, guessing attacks

Retrieve PDF document (201107_18.pdf)

Received November 16, 2009; revised March 12 & May 6, 2010; accepted May 11, 2010.
Communicated by Tzong-Chen Wu.
^* This work was partially supported by the National Science Council of Taiwan, R.O.C., project No. NSC 97-2221-E-260-008-MY2.