Research On Provably Secure Password Authentication Key Exchange Protocol

Secure communication over a public network was one of the most popularresearches in modern cryptography. Mutual authentication and establishing a secretsession key was the basic guarantee of secure communication. Therefore, analysis anddesign of password authentication key exchange protocol had important academicvalues and widely application prospects. Attacks for password authentication keyexchange protocols had arisen increasingly. Therefore, provable security wascommonly used to prove the security of protocols now. In the standard model, thesecurity of protocols was only based on some standard difficulty assumptions, whichwas more practical than random oracle model. This paper focused on the provablysecure client-to-client password authenticated key exchange protocol in the standardmodel. The contributions were listed as follows:1. A standard model that was adequate for client-to-client password authenticatedkey exchange protocol was provided. This model enhanced attacks’s ability bycompared with the existing standard model, which can simulate off-line dictionaryattack, undetectable on-line dictionary attack, password-compromise impersonationattack, and unknown key share attack. Cryptanalysis of client-to-client passwordauthenticated key exchange protocol, it was found that Li et al.’s protocol wasvulnerable to off-line dictionary attack and man in the middle attack, Chang et al.’sprotocol was vulnerable to password-compromise impersonation attack and insideprivilege attack, Liu et al.’s protocol was vulnerable to impersonation attack. Also, itwas pointed out the reasons why the existing client-to-client password authenticatedkey exchange protocols had various security issues. Firstly, the security of the mostexisting protocols was only analyzed in ad hoc environment. Secondly, the security ofthe most existing protocols was proved in the random oracle model. Finally, theexisting standard model was not perfect.2. In the standard model, three different provably secure client-to-clientpassword authenticated key exchange protocol were introduced. First, thoughapplying ElGamal encryption scheme, a secure three-party password authenticatedkey exchange protocol was proposed in order to resist password-compromiseimpersonation attack and unknown key share attack. Second, though applyingcertificateless key encapsulation mechanism, a secure three-party passwordauthenticated key exchange protocol was proposed in order to solve certificate management and key escrow problem. Third, a secure cross-realm passwordauthenticated key exchange protocol based on verifier was proposed in order to resistimpersonation attack if the server was corrupted. The security of the protocols wasproven in the standard model. The results showed that all of them achieved forwardsecurity, mutual authentication, key privacy and efficiently resistance to variousattacks.3. Cryptanalysis and Design of provably secure password authenticated keyexchange protocol using smart card in the standard model. The attacks for the existingprotocols were pointed out. A standard model that was adequate for two-factorauthentication key exchange protocol was provided. This model can simulate attacksdue to smart card loss and introduced the formal definition of two-factor security. Aprovably secure password authenticated key exchange protocol using smart card wasproposed. Also, a general client-to-client password authenticated key exchangeprotocol using smart card was proposed based on any provably secure two-partypassword authenticated key exchange protocol using smart card.