TY - GEN
T1 - An efficient password-only two-server authenticated key exchange system
AU - Jin, Haimin
AU - Wong, Duncan S.
AU - Xu, Yinlong
PY - 2007
Y1 - 2007
AB - One of the prominent advantages of password-only two-server authenticated key exchange is that the user password will remain secure against offline dictionary attacks even after one of the servers has been compromised. The first system of this type was proposed by Yang, Deng and Bao in 2006. The system is efficient with a total of eight communication rounds in one protocol run. However, the security assumptions are strong. It assumes that one particular server cannot be compromised by an active adversary. It also assumes that there exists a secure communication channel between the two servers. Recently, a new protocol has been proposed by the same group of researchers. The new one removes these assumptions, but in return pays a very high price on the communication overhead. It takes altogether ten rounds to complete one protocol run and requires more computation. Therefore, the question remains whether it is possible to build a protocol which can significantly reduce the number of communication rounds without introducing additional security assumptions or computational complexity. In this paper, we give an affirmative answer by proposing a very efficient protocol with no additional assumption introduced. The protocol requires only six communication rounds without increasing the computational complexity. © Springer-Verlag Berlin Heidelberg 2007.
UR - http://www.scopus.com/inward/record.url?scp=38149142394&partnerID=8YFLogxK
UR - https://www.scopus.com/record/pubmetrics.uri?eid=2-s2.0-38149142394&origin=recordpage
U2 - 10.1007/978-3-540-77048-0_4
DO - 10.1007/978-3-540-77048-0_4
M3 - RGC 32 - Refereed conference paper (with host publication)
SN - 9783540770473
T3 - Lecture Notes in Computer Science
SP - 44
EP - 56
BT - Information and Communications Security
A2 - Qing, Sihan
A2 - Imai, Hideki
A2 - Wang, Guilin
PB - Springer
CY - Berlin, Heidelberg
T2 - 9th International Conference on Information and Communications Security (ICICS 2007)
Y2 - 12 December 2007 through 15 December 2007
ER -