Abstract

In this paper, we suggest a new privacy preserving smartcard-based password authenticated key exchange SC-PAKE with provable security. Only the user who has two secrets smartcard and password can go through authentication with key exchange while concealing its identifier from outsider adversaries. For guaranteeing both authentication and identity ID protection, we define a security of session key and an anonymity of identifier. We also show that the proposed protocol satisfies two definitions under computational Diffie-Hellman assumption and chosen ciphertext attack CCA secure symmetric encryption. One problem is how a common secure key an encryption/decryption key can be shared between a server and a user without letting the corresponding server know a certain ID of user. For this issue, we set two kinds of long-term secrets; one is used to make a symmetric key for ID protection with user's ephemeral value, and the other is issued for helping agreement of a final session key for mutual authentication. Performance analysis shows that the proposed SC-PAKE has better efficiency in computation and communication costs than recent SC-PAKE schemes. To the best of our knowledge, it is the first scheme to guarantee both the session key security with authentication and privacy-enjoying provable security. Copyright © 2015John Wiley & Sons, Ltd.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.