Abstract
A gateway-oriented password-based authenticated key exchange (GPAKE) is a three-party protocol, which allows a client and a gateway to establish a common session key with the help of an authentication server. To date, most of the published protocols for GPAKE have been based on Diffie-Hellman key exchange. In this article, we present the first GPAKE protocol based on RSA, then prove its security in the random oracle model under the RSA assumption. Furthermore, our protocol can resist both e-residue and undetectable on-line dictionary attacks. Finally, we investigate whether or not a GPAKE protocol can achieve both client anonymity and resistance against undetectable on-line dictionary attacks by a malicious gateway. We provide an affirmative answer by adding client anonymity with respect to the server. Preprint submitted to EURASIP JWCN October 16, 2011 to our basic protocol.
Highlights
The client C sends her public key (n, e) and a random number r1 Î {0, 1}k to the gateway G, and G just forwards the message and her RSA public key (n’, e’) to the authentication server
We provide an affirmative answer to the above question by adding client anonymity to our gateway-oriented password-based authenticated key exchange (GPAKE) protocol based on RSA
Our GPAKE protocol based on RSA we describe our GPAKE protocol based on RSA, and present its security results
Summary
The client C sends her public key (n, e) and a random number r1 Î {0, 1}k to the gateway G, and G just forwards the message and her RSA public key (n’, e’) to the authentication server. It is worth pointing out that achieving client anonymity, our protocol still can resist the undetectable on-line dictionary attack in the sense that a failed guess of the malicious gateway will be detected by the server.
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: EURASIP Journal on Wireless Communications and Networking
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
