Title: Provably secure CL-KEM-based password-authenticated key exchange protocol

Authors: Junhan Yang; Bo Su; Chaoping Guo; Wenlin Han; Yang Xiao

Addresses: School of Computer, Xi'an University of Science and Technology, Xi'an, Shaanxi 710054, China ' Xi'an Electronic Engineering Research Institute, Xi'an, Shaanxi 710100, China ' Xi'an Communication Institute, Xi'an, Shaanxi 710000, China ' Department of Computer Science, The University of Alabama, 342 H.M. Comer, Box 870290, Tuscaloosa, AL 35487-0290 USA ' School of Computer and Software, Nanjing University of Information Science and Technology, Nanjing 210044, China; Department of Computer Science, The University of Alabama, 342 H.M. Comer, Box 870290, Tuscaloosa, AL 35487-0290 USA

Abstract: Traditional password-based authentication protocols are vulnerable to various password-related attacks, while public key cryptography (PKC) is expensive to manage certificates. Moreover, the traditional identity-based cryptography suffers to key escrow. To solve the above problems, we propose a password-based authentication and key exchange (AKE) protocol. The protocol is based on certificateless key encapsulation mechanism (CL-KEM) using the three-party setting. The security of this protocol is provable under the decisional Diffie-Hellman (DDH) assumption. Security analysis shows that this protocol can achieve mutual authentication and forward security, and it can resist various password-related attacks.

Keywords: password authentication; key exchange protocols; certificateless key exchange; DDH; decisional Diffie-Hellman; provable security; protocol security; mutual authentication; forward security; password-related attacks; identity-based cryptography; key escrow.

DOI: 10.1504/IJSNET.2017.081348

International Journal of Sensor Networks, 2017 Vol.23 No.2, pp.113 - 122

Received: 09 Jul 2016
Accepted: 09 Jul 2016
Published online: 05 Jan 2017 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article