
Research On Password-based Authenticated Key Exchange Protocol

Posted on: 2020-03-07
Degree: Doctor
Type: Dissertation
Country: China
Candidate: X Y Yang
Full Text: PDF
GTID: 1368330572471416
Subject: Computer Science and Technology
Abstract/Summary:
With the development of network technology and the wide application of technologies such as cloud computing, big data, and the Internet of Things, society has entered the information age. Various information systems are completely changing how people work and live, bringing great convenience. People increasingly store and use resources on remote servers (or the cloud) and use a variety of services provided by them. To protect the user's data on the remote server (the cloud) and prevent an attacker from impersonating a legitimate user, the server needs to authenticate the identity or access rights of the user. Passwords are easy to remember, and using passwords to verify user identity or permissions is currently the most commonly used authentication technology. In addition to authenticating the identity of users and servers, password-based authenticated key exchange protocols can also generate a shared high-entropy session key between the user and the server. This key can be used to secure subsequent communication between the user and the server. Password-based key exchange therefore lets people obtain high-entropy session keys from something easy to remember, providing convenient and secure communication.

The password-based authenticated key exchange (PAKE) protocol was first proposed by Bellovin and Merritt in 1992. The protocol enables the participants to establish a shared high-entropy secret key while the two participants share only a short password as the authentication factor. Passwords are usually short, easy to remember, and easy to use. They do not require the deployment of a public key infrastructure or hardware devices such as smart cards to store keys. Removing the public key infrastructure avoids a series of time-consuming and laborious operations such as public key registration, management and revocation. Password-based authenticated key exchange has always been a hot topic in cryptography research.

As people use the network, more and more personal private information is transmitted, stored and processed in it. While using various network services, users naturally hope to disclose as little additional private information as possible. Letting people fully enjoy a service while protecting their private information as much as possible is one of the important topics in the design of cryptographic security protocols. Anonymity is an effective means of protecting users' personal information. By hiding the user's personal identity information during communication, neither the attacker nor the server can associate the user's personal identity with other information, which protects the user's personal privacy to a certain extent. An anonymous password-based authenticated key exchange protocol allows the user to establish a session key with the server anonymously and at the same time enables the server to authenticate the user's access authority, while the user and the server share only a low-entropy password.

This paper studies the anonymous PAKE protocol, the three-party PAKE protocol, and the anonymous two-factor authenticated key exchange protocol, and presents research results in the following three aspects:

1. Verifier-based anonymous password authenticated key exchange protocol

At present, most anonymous PAKE protocols are designed and analyzed in the random oracle model. Only a small number of protocols are provably secure in the standard model. However, the random oracle model is an idealized model. In practical applications the random oracle can only be replaced by a hash function with good cryptographic properties, which may introduce security risks to the protocol. In addition, in most anonymous PAKE protocols the server typically stores the user's plaintext password, so if the server is compromised, the passwords and other information stored on it will be compromised. To reduce the loss caused by this defect, researchers proposed an asymmetric model for the password: the server no longer stores the user's plaintext password, but only password verification information called the verifier. If the attacker obtains the verifier, an offline dictionary attack is still required to obtain the correct password, and a strategy such as adding salt can better protect the password.

Based on the above principles, we propose a general framework for verifier-based anonymous password authenticated key exchange, and give an instantiation of the protocol. Building on the most efficient PAKE protocol, the protocol combines the two-party password authenticated key exchange protocol with 1-out-of-n oblivious transfer to achieve user anonymity. The protocol is proven secure in the standard model. It requires only two rounds of interaction, which achieves optimal communication efficiency for anonymous PAKE protocols with mutual implicit authentication. If the protocol is to achieve mutual explicit authentication between the user and the server, it only needs one additional round of interaction.

2. Verifier-based three-party PAKE protocol

In a large-scale end-to-end application, if two participants use a two-party PAKE protocol to generate a session key, each participant needs to share a password with the other party, and the user needs to remember many passwords. The number of passwords the user needs to remember grows linearly with the number of participants. A large number of passwords will exceed what the user can memorize, and key management becomes very difficult. Researchers therefore proposed the three-party PAKE protocol, in which two users share passwords only with a trusted server and establish a common session key with the help of that server. Most existing three-party PAKE protocols are designed in the random oracle model and require the server to have a public key. Only a few protocols that use passwords as the sole authentication method are provably secure in the standard model. In addition, in most three-party PAKE protocols the password is stored in cleartext on the server. Once the server's information is leaked, the adversary obtains the user's password and can then pretend to be a legitimate user when communicating with the server, which greatly harms the data security of the user and the server.

To address these shortcomings of existing three-party PAKE protocols, this paper constructs a verifier-based three-party PAKE protocol using a smooth projective hash function. The protocol is provably secure in the standard model, uses only the password as the means of authentication, and does not rely on the server having a public key.

3. Anonymous two-factor authenticated key exchange protocol

People often use passwords as an authentication method, but passwords are usually chosen from a small set and are vulnerable to dictionary attacks. As password-cracking hardware and algorithms continue to improve, the adversary's ability to crack passwords has gradually increased. In addition, passwords can be recovered through social engineering, shoulder surfing and keyboard eavesdropping. Single-factor authentication does not meet the goal of providing greater security protection in certain applications. Researchers proposed the two-factor authenticated key exchange protocol, and smart cards combined with passwords are currently the most commonly used two-factor authentication method.

Anonymity is an important security attribute that protects a user's personal information from being exposed. To realize both two-factor authentication and anonymity of user identity, researchers proposed anonymous two-factor authenticated key exchange protocols based on dynamic IDs. Conventional dynamic ID-based anonymous two-factor authenticated key exchange protocols only achieve user anonymity against external attackers, and only a few protocols realize untraceability of user identity. That is to say, the honest-but-curious server may identify the user, trace the user's activities, and analyze the user's individual preferences for financial benefit (e.g. selling user shopping behavior or profiles to advertisers).

This paper studies the anonymous two-factor authenticated key exchange protocol and proposes the notion of strong anonymity. Strong anonymity means that no information about the identity of the user can be obtained by the server or an external adversary. The server only knows that it is interacting with a user belonging to a legitimate user group, without knowing any identity information for that user. This paper proposes an anonymous two-factor authenticated key exchange protocol and proves the security of the protocol in the random oracle model. In the construction of the protocol, 1-out-of-n oblivious transfer is used to ensure the anonymity of the user. The protocol does not require clock synchronization, does not require the server to store the user's password list, and achieves semantic security of the session key as well as the user's anonymity and untraceability with respect to both the server and the adversary.
Keywords/Search Tags: Cryptographic Scheme, Password Authentication, Key Exchange, Identity Authentication