
Research On Key Technologies For Password-Authenticated Key Exchange Protocols

Posted on: 2010-06-03
Degree: Doctor
Type: Dissertation
Country: China
Candidate: X M Liu
GTID: 1118360302977798
Subject: Computer system architecture
Abstract/Summary:
Network information security has always been an important concern as network applications spread and develop. Identity authentication is usually the first and most basic step in securing a network: users must be identified and authenticated so that they can be held accountable or granted specific privileges. After authentication, the next question in open network environments is how to build a secure communication channel to protect the sensitive information transmitted between users. The most common and effective method is to negotiate a shared session key that provides data privacy. A protocol that provides both identity authentication and session key negotiation meets these security requirements and is referred to as Authenticated Key Exchange (AKE).

Passwords are the most common and convenient means of identity authentication and have attracted widespread attention. Authenticated key exchange protocols based on passwords are referred to as Password-Authenticated Key Exchange (PAKE). In PAKE, users share a password or a verifier with the server, and the server uses it to authenticate the users while helping them agree on a session key. Many PAKE protocols have been proposed to date. However, some issues still need to be addressed, e.g. how to achieve strong authentication using a low-entropy password, how to authenticate the server, how to resist dictionary attacks, how to balance efficiency and security, and how to provide formal proofs and analysis for security protocols.

This dissertation focuses on the analysis and research of several key technologies for PAKE.

Firstly, according to the manner in which the key is shared between the user and the server in AKE, the balanced model and the augmented model are defined and analyzed. Based on the balanced model, an AKE protocol, 2DHEKE, is presented in the CK2001 security model and its security is proved. In addition, two PAKE protocols, 2PAKE and VB-2PAKE, based on the balanced model and the augmented model respectively, are proposed and analyzed.

Secondly, the generic scheme for constructing three-party PAKE protocols is improved. Based on this construction, two new PAKE protocols, 3PAKE and VB-3PAKE, are proposed. It is formally proved in the BPR2000 security model that the new protocols meet the security requirements for three-party password-authenticated key exchange protocols.

Thirdly, the security vulnerabilities of existing PAKE protocols in the cross-realm setting are analyzed. To overcome these vulnerabilities, a 4PAKE protocol in the public key system and a VB-4PAKE protocol in the symmetric encryption system are presented. Analysis of security and performance shows that the 4PAKE protocol can resist many attacks, but its reliance on the public key system places a certain burden and heavy cost on users. Compared to other protocols in the symmetric encryption system, VB-4PAKE enhances security while retaining comparable efficiency.

Finally, group PAKE protocols in open network environments are investigated. A VB-nPAKE protocol based on the augmented model and an nPAKE' protocol based on bilinear pairing and a key tree are proposed. The nPAKE' protocol combines the hierarchical structure with the bilinear pairing algorithm in place of the exponential operator used in common nPAKE protocols, which can reduce the computational complexity. The nPAKE' protocol therefore greatly improves computational efficiency and communication efficiency.
Keywords/Search Tags:Key exchange protocol, mutual authentication, password-authenticated, verifier, balanced model, augmented model, discrete logarithm problem, bilinear pairing, provable security