Cross-domain password-based authenticated key exchange revisited

We revisit the problem of secure cross-domain communication between two users belonging to different security domains within an open and distributed environment. Existing approaches presuppose that either the users are in possession of public key certificates issued by a trusted certificate authorit...

Bibliographic Details
Main Authors: CHEN, Liqun, LIM, Hoon Wei, YANG, Guomin
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University 2014
Online Access: https://ink.library.smu.edu.sg/sis_research/7346
https://ink.library.smu.edu.sg/context/sis_research/article/8349/viewcontent/2584681.pdf
Institution: Singapore Management University
Record ID: sg-smu-ink.sis_research-8349
Record format: dspace
DOI: 10.1145/2584681
File format: application/pdf
License: http://creativecommons.org/licenses/by-nc-nd/4.0/
Collection: Research Collection School Of Computing and Information Systems (InK@SMU)
Content provider: SMU Libraries
Country: Singapore
Topics: Client-to-client; Cross-domain; Key exchange; Password-based protocol; Digital Communications and Networking; Information Security
Description: We revisit the problem of secure cross-domain communication between two users belonging to different security domains within an open and distributed environment. Existing approaches presuppose that either the users are in possession of public key certificates issued by a trusted certificate authority (CA), or the associated domain authentication servers share a long-term secret key. In this article, we propose a generic framework for designing four-party password-based authenticated key exchange (4PAKE) protocols. Our framework takes a different approach from previous work. The users are not required to have public key certificates, but they simply reuse their login passwords, which they share with their respective domain authentication servers. On the other hand, the authentication servers, assumed to be part of a standard PKI, act as ephemeral CAs that certify some key materials that the users can subsequently use to exchange and agree on as a session key. Moreover, we adopt a compositional approach. That is, by treating any secure two-party password-based key exchange (2PAKE) protocol and two-party asymmetric-key/symmetric-key-based key exchange (2A/SAKE) protocol as black boxes, we combine them to obtain generic and provably secure 4PAKE protocols.