
Design And Security Proof Of Password Authenticated Key Exchange Protocols

Posted on: 2010-11-03
Degree: Master
Type: Thesis
Country: China
Candidate: X F Ding
GTID: 2178330332478446
Subject: Cryptography

Abstract/Summary:
Password-based authenticated key exchange (PAKE) protocols enable two or more parties holding a memorable password to agree on a session key over a public network in a secure and authenticated manner. With the rapid development of mobile networks, PAKE protocols are widely used because short passwords are easy for humans to remember. However, as communication environments diversify and new network technologies are rapidly adopted, previously proposed protocols are no longer secure, because attack methods are also constantly evolving. New attacks on PAKE protocols have appeared, such as password compromise impersonation (PCI) and ephemeral key compromise impersonation (EKCI) attacks. To resist these attacks, we mainly design novel and secure PAKE protocols in the asymmetric setting, which are competitive with the existing protocols in terms of security and efficiency. This work is of great practical significance and has wide application prospects.

Firstly, we consider key exchange between client and server. Two-party PAKE protocols enable a client and a server with a common password to establish a secure communication channel. Aiming to add resilience to PCI and EKCI attacks, we use public-key cryptography to propose a strongly secure and more efficient two-party PAKE protocol in the ideal model. We then provide another provably secure two-party PAKE protocol using bilinear pairings in the random oracle model, which can resist the PCI attack. To the best of our knowledge, there is no previously proposed protocol with a rigorous security proof that can resist the above attacks.

Secondly, it is worthwhile to consider how to establish a secure channel between two clients with the assistance of a trusted server. Three-party PAKE protocols are suited to communication between two clients sharing different passwords with a single server. We propose a novel three-party PAKE protocol based on an elliptic curve cryptosystem, which can resist the PCI attack. In our scheme, the computational cost and communication cost for clients are lower than in kindred protocols. Furthermore, we prove that the new protocol provides forward secrecy in the ideal model.

Finally, we analyze how to design a protocol suited to communication between two clients belonging to different servers. Cross-realm C2C-PAKE protocols enable two clients sharing different passwords with two servers to agree on a common session key. Through analysis of the framework and security of the current protocols, we propose a secure cross-realm C2C-PAKE protocol in the asymmetric setting, which can resist the PCI attack. Our protocol is more efficient in terms of both communication and computation than existing protocols.
Keywords/Search Tags:Password Authenticated, Key Exchange, Password Compromise Impersonation Attack, Ephemeral Key Compromise Impersonation Attack, Provable Security, Forward Security