Publication Type
Conference Proceeding Article
Version
acceptedVersion
Publication Date
4-2013
Abstract
We revisit the problem of secure cross-domain communication between two users belonging to different security domains within an open and distributed environment. Existing approaches presuppose that either the users are in possession of public key certificates issued by a trusted certificate authority (CA), or the associated domain authentication servers share a long-term secret key. In this paper, we propose a generic framework for designing four-party password-based authenticated key exchange (4PAKE) protocols. Our framework takes a different approach from previous work. The users are not required to have public key certificates; they simply reuse the login passwords they share with their respective domain authentication servers. On the other hand, the authentication servers, assumed to be part of a standard PKI, act as ephemeral CAs that “certify” some key materials that the users can subsequently use to exchange and agree on a session key. Moreover, we adopt a compositional approach. That is, by treating any secure two-party password-based key exchange (2PAKE) protocol and two-party asymmetric-key/symmetric-key based key exchange (2A/SAKE) protocol as black boxes, we combine them to obtain generic and provably secure 4PAKE protocols.
Keywords
Password-based protocol, key exchange, cross-domain, client-to-client
Discipline
Information Security
Research Areas
Information Systems and Management
Publication
Proceedings of the 32nd IEEE Conference on Computer Communications, Turin, Italy, 2013 April 14-19
First Page
1052
Last Page
1060
ISBN
9781467359467
Identifier
10.1109/INFCOM.2013.6566895
Publisher
IEEE
City or Country
Turin, Italy
Citation
CHEN, Liqun; LIM, Hoon Wei; and YANG, Guomin. Cross-domain password-based authenticated key exchange revisited. (2013). Proceedings of the 32nd IEEE Conference on Computer Communications, Turin, Italy, 2013 April 14-19. 1052-1060.
Available at: https://ink.library.smu.edu.sg/sis_research/7350
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1109/INFCOM.2013.6566895