PAKEPassword-Based Authenticated Key Exchange
References in periodicals archive ?
The PAKE research represents an alternative approach to protect passwords without relying on a Public Key Infrastructure (PKI).
In 1992 the first important milestone was reached in PAKE research.
The goal of using PAKE protocols for web authentication is to help make it easier for users to authenticate websites and reduce the attack surface of social engineering based attacks against their accounts [4].
In this paper, we will propose a multi-party PAKE (M-PAKE) scheme based on the ECC for mobile environment.
The proposed M-PAKE scheme consists of three phases: the system setup, the user registration, and the multi-party PAKE.
User registration phase: Each user must register in trusted server before multi-party PAKE.
This section revisits the three-party PAKE protocol proposed by Guo, Lia, Mu and Zhang in 2008 [10], and demonstrates that this protocol is susceptible to an offline dictionary attack in the presence of a malicious client.
In 2009, Huang [11] proposed a three-party PAKE protocol, claiming that the proposed protocol provides both security and efficiency without recourse to the use of server's public keys.
It possesses many properties compared with the PAKE protocols using smart card, such as identity protection, low computation for smart card, no password table and it is secure even if the smart card was lost.
Our further work will be on the PAKE protocol which provides privacy for the user not only against the attacker but also the server.
In relation to other security models, the most distinguishable characteristic of the PAKE security model is that the model must incorporate protection from dictionary attacks.
In the server-aided PAKE protocols, we more carefully consider online dictionary attacks because a malicious insider may indiscernibly launch such attacks by using the server as a password-verification oracle.