Title
An Efficient and Leakage-Resilient RSA-Based Authenticated Key Exchange Protocol with Tight Security Reduction
* A preliminary version appeared in [33]. Some mistakes about security proof are corrected in this paper.
Abstract
Both mutual authentication and generation of session keys can be accomplished by an authenticated key exchange (AKE) protocol. Let us consider the following situation: (1) a client, who communicates with many different servers, remembers only one password and has insecure devices (e.g., mobile phones or PDAs) with very-restricted computing power and built-in memory capacity; (2) the counterpart servers have enormous computing power, but they are not perfectly secure against various attacks (e.g., viruses or hackers); (3) neither PKI (Public Key Infrastructures) nor TRM (Tamper-Resistant Modules) is available. The main goal of this paper is to provide security against the leakage of stored secrets as well as to attain high efficiency on the client's side. For those, we propose an efficient and leakage-resilient RSA-based AKE (RSA-AKE) protocol suitable for the above situation whose authenticity is based on a password and another secret. In the extended model where an adversary is given access to the stored secret of the client, we prove that the security of the RSA-AKE protocol is reduced tightly to the RSA one-wayness in the random oracle model. We also show that the RSA-AKE protocol guarantees several security properties (e.g., security of password, multiple server scenario with only one password, perfect forward secrecy and anonymity). To the best of our knowledge, the RSA-AKE protocol is the most efficient, in terms of both computation costs of the client and communication costs, over the previous AKE protocols of their kind (using password and RSA).
Year: 2007
DOI: 10.1093/ietfec/e90-a.2.474
Venue: IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
Keywords: preliminary version, enormous computing power, extended model, security proof, previous ake protocol, security property, random oracle model, key exchange protocol, tight security reduction, rsa one-wayness, rsa-ake protocol, following situation, very-restricted computing power, public key infrastructures, perfect forward secrecy, efficiency, passwords
DocType: Journal
Volume: E90-A
Issue: 2
ISSN: 0916-8508
Citations: 0
PageRank: 0.34
References: 0
Authors: 3
Name              Order   Citations   PageRank
Seonghan Shin     1       54          8.57
Kazukuni Kobara   2       387         47.00
Hideki Imai       3       0           0.34