| Presentation | 2010-03-04 About Security of Threshold Anonymous Password-Authenticated Key Exchange SeongHan SHIN, Kazukuni KOBARA, Hideki IMAI, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | An anonymous password-authenticated key exchange protocol is designed to provide both password-only authentication and client anonymity against a semi-honest server, who honestly follows the protocol. In IN-DOCRYPT2008, Yang and Zhang [24] proposed a new anonymous PAKE (NAPAKE) protocol and its threshold (D-NAPAKE) which they claimed to be secure against insider attacks. In this paper, we first show that the D-NAPAKE protocol [24] is insecure against insider attacks unlike their claim. Specifically, only one legitimate client can freely impersonate any subgroup of clients (the threshold t > 1) to the server. Then, we propose a threshold anonymous PAKE (called, TAP^+) protocol which provides security against insider attacks. Moreover, we prove that the TAP+ protocol is AKE-secure against active attacks as well as insider attacks under the computational Diffie-Hellman problem, and provides client anonymity against a semi-honest server, who honestly follows the protocol. Finally, several discussions are followed: 1) We also show another threshold anonymous PAKE protocol by applying our RATIONALE to the (non-threshold) anonymous PAKE (VEAP) protocol [21]; and 2) We give the efficiency comparison and security consideration of the TAP+ protocol. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | password-authenticated key exchange / passwords / on-line/off-line dictionary attacks / anonymity / efficiency / provable security |
| Paper # | IT2009-75,ISEC2009-83,WBS2009-54 |
| Date of Issue |
| Conference Information | |
| Committee | ISEC |
|---|---|
| Conference Date | 2010/2/25(1days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | |
| Chair | |
| Vice Chair | |
| Secretary | |
| Assistant | |
| Paper Information | |
| Registration To | Information Security (ISEC) |
|---|---|
| Language | ENG |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | About Security of Threshold Anonymous Password-Authenticated Key Exchange |
| Sub Title (in English) | |
| Keyword(1) | password-authenticated key exchange |
| Keyword(2) | passwords |
| Keyword(3) | on-line/off-line dictionary attacks |
| Keyword(4) | anonymity |
| Keyword(5) | efficiency |
| Keyword(6) | provable security |
| 1st Author's Name | SeongHan SHIN |
| 1st Author's Affiliation | Research Center for Information Security, AIST() |
| 2nd Author's Name | Kazukuni KOBARA |
| 2nd Author's Affiliation | Research Center for Information Security, AIST |
| 3rd Author's Name | Hideki IMAI |
| 3rd Author's Affiliation | Research Center for Information Security, AIST:Chuo University |
| Date | 2010-03-04 |
| Paper # | IT2009-75,ISEC2009-83,WBS2009-54 |
| Volume (vol) | vol.109 |
| Number (no) | 445 |
| Page | pp.pp.- |
| #Pages | 8 |
| Date of Issue | |