
Cross-domain password-based authenticated key exchange revisited

Conference Paper


Abstract


  • We revisit the problem of cross-domain secure communication between two users belonging to different security domains within an open and distributed environment. Existing approaches presuppose that either the users are in possession of public key certificates issued by a trusted certificate authority (CA), or the associated domain authentication servers share a long-term secret key. In this paper, we propose a four-party password-based authenticated key exchange (4PAKE) protocol that takes a different approach from previous work. The users are not required to have public key certificates, but they simply reuse their login passwords they share with their respective domain authentication servers. On the other hand, the authentication servers, assumed to be part of a standard PKI, act as ephemeral CAs that “certify” some key materials that the users can subsequently exchange and agree on a session key. Moreover, we adopt a compositional approach. That is, by treating any secure two-party password-based key exchange protocol and two-party asymmetric-key based key exchange protocol as black boxes, we combine them to obtain a generic and provably secure 4PAKE protocol.

UOW Authors


  •   Chen, Liqun (external author)
  •   Lim, Hoon Wei. (external author)
  •   Yang, Guomin

Publication Date


  • 2013

Citation


  • Chen, L., Lim, H. Wei. & Yang, G. (2013). Cross-domain password-based authenticated key exchange revisited. Proceedings - IEEE INFOCOM (pp. 1052-1060). United States: IEEE.

Scopus Eid


  • 2-s2.0-84883128578

Ro Metadata Url


  • http://ro.uow.edu.au/eispapers/1443

Start Page


  • 1052

End Page


  • 1060

Place Of Publication


  • United States
