A Strengthened PAKE Protocol with Identity-Based Encryption
Summary :
In [2], Choi et al. proposed an identity-based password-authenticated key exchange (iPAKE) protocol using the Boneh-Franklin IBE scheme, and its generic construction (UKAM-PiE) that was standardized in ISO/IEC 11770-4/AMD 1. In this paper, we show that the iPAKE and UKAM-PiE protocols are insecure against passive/active attacks by a malicious PKG (Private Key Generator) where the malicious PKG can find out all clients' passwords by just eavesdropping on the communications, and the PKG can share a session key with any client by impersonating the server. Then, we propose a strengthened PAKE (for short, SPAIBE) protocol with IBE, which prevents such a malicious PKG's passive/active attacks. Also, we formally prove the security of the SPAIBE protocol in the random oracle model and compare relevant PAKE protocols in terms of efficiency, number of passes, and security against a malicious PKG.
- Publication
- IEICE TRANSACTIONS on Information Vol.E105-D No.11 pp.1900-1910
- Publication Date
- 2022/11/01
- Publicized
- 2022/06/01
- Online ISSN
- 1745-1361
- DOI
- 10.1587/transinf.2022NGP0009
- Type of Manuscript
- Special Section PAPER (Special Section on Next-generation Security Applications and Practice)
- Category
Authors
SeongHan SHIN
National Institute of Advanced Industrial Science and Technology (AIST)
Keyword
Latest Issue
Copyrights notice of machine-translated contents
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Cite this
Copy
SeongHan SHIN, "A Strengthened PAKE Protocol with Identity-Based Encryption" in IEICE TRANSACTIONS on Information,
vol. E105-D, no. 11, pp. 1900-1910, November 2022, doi: 10.1587/transinf.2022NGP0009.
Abstract: In [2], Choi et al. proposed an identity-based password-authenticated key exchange (iPAKE) protocol using the Boneh-Franklin IBE scheme, and its generic construction (UKAM-PiE) that was standardized in ISO/IEC 11770-4/AMD 1. In this paper, we show that the iPAKE and UKAM-PiE protocols are insecure against passive/active attacks by a malicious PKG (Private Key Generator) where the malicious PKG can find out all clients' passwords by just eavesdropping on the communications, and the PKG can share a session key with any client by impersonating the server. Then, we propose a strengthened PAKE (for short, SPAIBE) protocol with IBE, which prevents such a malicious PKG's passive/active attacks. Also, we formally prove the security of the SPAIBE protocol in the random oracle model and compare relevant PAKE protocols in terms of efficiency, number of passes, and security against a malicious PKG.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2022NGP0009/_p
Copy
@ARTICLE{e105-d_11_1900,
author={SeongHan SHIN, },
journal={IEICE TRANSACTIONS on Information},
title={A Strengthened PAKE Protocol with Identity-Based Encryption},
year={2022},
volume={E105-D},
number={11},
pages={1900-1910},
abstract={In [2], Choi et al. proposed an identity-based password-authenticated key exchange (iPAKE) protocol using the Boneh-Franklin IBE scheme, and its generic construction (UKAM-PiE) that was standardized in ISO/IEC 11770-4/AMD 1. In this paper, we show that the iPAKE and UKAM-PiE protocols are insecure against passive/active attacks by a malicious PKG (Private Key Generator) where the malicious PKG can find out all clients' passwords by just eavesdropping on the communications, and the PKG can share a session key with any client by impersonating the server. Then, we propose a strengthened PAKE (for short, SPAIBE) protocol with IBE, which prevents such a malicious PKG's passive/active attacks. Also, we formally prove the security of the SPAIBE protocol in the random oracle model and compare relevant PAKE protocols in terms of efficiency, number of passes, and security against a malicious PKG.},
keywords={},
doi={10.1587/transinf.2022NGP0009},
ISSN={1745-1361},
month={November},}
Copy
TY - JOUR
TI - A Strengthened PAKE Protocol with Identity-Based Encryption
T2 - IEICE TRANSACTIONS on Information
SP - 1900
EP - 1910
AU - SeongHan SHIN
PY - 2022
DO - 10.1587/transinf.2022NGP0009
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E105-D
IS - 11
JA - IEICE TRANSACTIONS on Information
Y1 - November 2022
AB - In [2], Choi et al. proposed an identity-based password-authenticated key exchange (iPAKE) protocol using the Boneh-Franklin IBE scheme, and its generic construction (UKAM-PiE) that was standardized in ISO/IEC 11770-4/AMD 1. In this paper, we show that the iPAKE and UKAM-PiE protocols are insecure against passive/active attacks by a malicious PKG (Private Key Generator) where the malicious PKG can find out all clients' passwords by just eavesdropping on the communications, and the PKG can share a session key with any client by impersonating the server. Then, we propose a strengthened PAKE (for short, SPAIBE) protocol with IBE, which prevents such a malicious PKG's passive/active attacks. Also, we formally prove the security of the SPAIBE protocol in the random oracle model and compare relevant PAKE protocols in terms of efficiency, number of passes, and security against a malicious PKG.
ER -
English
