Efficient two-server password-only authenticated key, Password-authenticated key exchange (PAKE) is where a client and a server, who share a password, authenticate each other and meanwhile establish a cryptographic key by exchange of messages. In this setting, all the passwords necessary to authenticate clients are stored in a single server. If the server is compromised, due to, for example, hacking or even insider attack, passwords stored in the server are all disclosed. A scenario is considered, where two servers cooperate to authenticate a client and if one server is compromised, the attacker still cannot pretend to be the client with the information from the compromised server. Current solutions for two-server PAKE are either symmetric in the sense that two peer servers equally contribute to the authentication or asymmetric in the sense that one server authenticates the client with the help of another server. A symmetric solution is proposed for two-server PAKE, where the client can establish different cryptographic keys with the two servers, respectively. This protocol runs in parallel and is more efficient than existing symmetric two-server PAKE protocol, and even more efficient than existing asymmetric two-server PAKE protocols in terms of parallel computation.
Ãƒâ€šÃ‚Â EXISTING SYSTEM
Recent research advances in password-based authentication have allowed a client and a server mutually to authenticate with a password and meanwhile to establish a cryptographic key for secure communications after authentication.
In general, current solutions for password based authentication follow two models.
PKI model assumes that the client keeps the serverÃƒÂ¢Ã¢â€šÂ¬Ã¢â€žÂ¢s public key in addition to share a password with the server. In this setting, the client can send the password to the server by public key encryption.
Password only model is the authentication based on password only, and introduced a set of so-called ÃƒÂ¢Ã¢â€šÂ¬Ã…â€œencrypted key exchangeÃƒÂ¢Ã¢â€šÂ¬Ã‚Â protocols, where the password is used as a secret key to encrypt random numbers for key exchange purpose.
An identity-based model where the client needs to remember the password only while the server keeps the password in addition to private keys related to its identity. In this setting, the client can encrypt the password based on the identity of the server. This model is between the PKI-based and the password only models.
Typical protocols for password-based authentication assume a single server stores all the passwords necessary to authenticate clients.
If the server is compromised, due to, for example, hacking, or installing a Trojan horse, or even insider attack, user passwords stored in the server are disclosed.
In Password-authenticated key exchange (PAKE) two peer servers equally contribute to the authentication.
To propose a new symmetric solution for two-server PAKE.
Proposed protocol needs only four communication rounds for the client and two servers mutually to authenticate and simultaneously to establish secret session keys.
To provide one server S1 with an encryption of the password Ã¢â‚¬Å¾(g2pw,pk2) and another server S2 with an encryption of the password ÃƒÂÃ¢â‚¬Å¾(g1pw,pk1) where pk1 and pk2 are the encryption keys of S1 and S2, respectively.
In addition, two servers are provided random password shares b1 and b2 subject to b1 & b2 =H(pw), where H is a hash function.
The encryption and decryption key pairs for the two servers are generated by the client and delivered to the servers through different secure channels during the client registration, as the client in any two-server PAKE protocol sends two halves of the password to the two servers in secret, respectively.
In fact, a server should not know the encryption key of another server and is restricted to operate on the encryption of the password on the basis of the homomorphic properties of ElGamal encryption scheme.
To address this issue, two-server password-based authentication protocols were introduced, where two servers cooperate to authenticate a client on the basis of password and if one server is compromised, the attacker still cannot pretend to be the client with the information from the compromised server.
Secure against both passive and active attacks in case that one server is compromised.
More efficient than existing symmetric and asymmetric two-server PAKE protocols in terms of parallel computation.
This can be applied in distributed systems where multiple servers exist.