
Provably Secure Password Authenticated Key Exchange Protocols Based On RSA

Posted on: 2011-04-08
Degree: Master
Type: Thesis
Country: China
Candidate: D N E
Full Text: PDF
GTID: 2178330332978661
Subject: Cryptography
Abstract/Summary:
Password-based authenticated key exchange (PAKE) protocols enable two or more parties holding a human-memorable password to agree on a session key over a public network in a secure and authenticated manner. PAKE protocols are widely used because passwords are short and therefore easy for people to remember. Most existing PAKE protocols are based on the Diffie-Hellman key exchange. With the rapid development of mobile networks, PAKE protocols combined with public-key cryptographic techniques have appeared in the communication field.

In a protocol based on RSA, the RSA public/private keys are selected by clients rather than distributed by a certificate authority, so the on-line authentication process is no longer needed. As a result, efficiency is improved. However, RSA-based PAKE protocols are subject to a new type of dictionary attack: the e-residue attack. In fact, many protocols based on RSA have been found to be vulnerable to this attack. Until now, PAKE protocols based on RSA have only worked between a server and a client. We mainly design secure client-to-client PAKE protocols based on RSA that resist e-th residue attacks and are competitive with existing protocols in terms of security and efficiency. This work is not only of great practical significance but also has wide application prospects.

Firstly, we consider how to establish a secure channel between two clients with the help of a trusted server, namely the three-party case. In a three-party PAKE protocol, each of the two clients shares a password with the trusted server. We propose a novel three-party PAKE protocol based on RSA that resists e-residue attacks. We then improve this protocol and present a new one using a message authentication code (MAC). The computational cost of the latter is lower than that of the former. Furthermore, we prove semantic security and key privacy for the two protocols in the random oracle model.

Secondly, we consider the cross-realm case, in which the two clients each share a password with a different trusted server. Cross-realm PAKE (C2C-PAKE) protocols enable two clients sharing different passwords with two servers to agree on a common session key. Through analysis of the framework and security of existing C2C-PAKE protocols, we propose a secure cross-realm C2C-PAKE protocol based on RSA. In our protocol, each client sends its message to its corresponding server simultaneously, whereas previous solutions only allow one client to send a message to the server after it has received a message from the other client. Communication efficiency is therefore greatly enhanced. Furthermore, our protocol is provably secure in the random oracle model.

Finally, by analyzing many three-party and cross-realm protocols, we present the differences among three-party, cross-realm and two-party protocols, including their different design rationales and applicable scenarios, and especially the difficulties and techniques in their security proofs.
Keywords/Search Tags:password authenticated, key exchange, e-th residue attack, RSA, provable security