Cross-domain password-based authenticated key exchange revisited
We revisit the problem of secure cross-domain communication between two users belonging to different security domains within an open and distributed environment. Existing approaches presuppose that either the users are in possession of public key certificates issued by a trusted certificate authorit...
Main Authors: | CHEN, Liqun; LIM, Hoon Wei; YANG, Guomin |
---|---|
Format: | text |
Language: | English |
Published: | Institutional Knowledge at Singapore Management University, 2013 |
Subjects: | Password-based protocol key exchange cross-domain client-to-client Information Security |
Online Access: | https://ink.library.smu.edu.sg/sis_research/7350 https://ink.library.smu.edu.sg/context/sis_research/article/8353/viewcontent/2012_397__1_.pdf |
Institution: | Singapore Management University |
id |
sg-smu-ink.sis_research-8353 |
---|---|
record_format |
dspace |
spelling |
sg-smu-ink.sis_research-8353; 2022-10-06T02:31:33Z; 2013-04-01T07:00:00Z; text; application/pdf; info:doi/10.1109/INFCOM.2013.6566895; http://creativecommons.org/licenses/by-nc-nd/4.0/; Research Collection School Of Computing and Information Systems; eng |
institution |
Singapore Management University |
building |
SMU Libraries |
continent |
Asia |
country |
Singapore Singapore |
content_provider |
SMU Libraries |
collection |
InK@SMU |
topic |
Password-based protocol key exchange cross-domain client-to-client Information Security |
description |
We revisit the problem of secure cross-domain communication between two users belonging to different security domains within an open and distributed environment. Existing approaches presuppose that either the users are in possession of public key certificates issued by a trusted certificate authority (CA), or the associated domain authentication servers share a long-term secret key. In this paper, we propose a generic framework for designing four-party password-based authenticated key exchange (4PAKE) protocols. Our framework takes a different approach from previous work. The users are not required to have public key certificates, but they simply reuse their login passwords they share with their respective domain authentication servers. On the other hand, the authentication servers, assumed to be part of a standard PKI, act as ephemeral CAs that “certify” some key materials that the users can subsequently use to exchange and agree on a session key. Moreover, we adopt a compositional approach. That is, by treating any secure two-party password-based key exchange (2PAKE) protocol and two-party asymmetric-key/symmetric-key based key exchange (2A/SAKE) protocol as black boxes, we combine them to obtain generic and provably secure 4PAKE protocols. |
author |
CHEN, Liqun LIM, Hoon Wei YANG, Guomin |
title |
Cross-domain password-based authenticated key exchange revisited |