Deakin University
Browse

File(s) under permanent embargo

A variant of password authenticated key exchange protocol

Version 2 2024-06-06, 00:16
Version 1 2017-07-26, 15:38
journal contribution
posted on 2024-06-06, 00:16 authored by Y Zhang, Y Xiang, W Wu, A Alelaiwi
Password authenticated key exchange (PAKE) protocols are designed for a pair of users to establish a secret session key over a public and unreliable network. In existing PAKE protocols, it is assumed that short passwords are pre-shared between users. This assumption, however, would be impractical in certain applications. For instance, in the Internet of Things and Fog computing, billions of devices will be wirelessly connected. In practice, the devices are produced by different factories, and it is not practical to assume that these devices are pre-loaded with passwords when they leave factories. As a result, existing PAKE protocols cannot be directly employed in these applications. Moreover, it is investigated that devices can extract secrets using the wireless fading channel. However, the key extraction rate at the physical layer is slow. Motivated by these observations, this paper presents a variant of password authenticated key exchange (vPAKE) protocol without the password sharing assumption. To obtain the passwords, wireless devices, such as mobile phones, tablets, and laptops, are used to extract short secrets at the physical layer. Using the extracted secrets, users can establish a secret key at higher layers. The performance analysis shows that comparing with other PAKE protocols (which are proved secure in the standard model), the communication and computation consumptions of our protocol are significantly reduced. Additionally, the proposed protocol is proved secure in the standard model.

History

Journal

Future Generation Computer Systems

Volume

78

Season

Part 2

Pagination

699-711

Location

Amsterdam, The Netherlands

ISSN

0167-739X

Language

eng

Publication classification

C Journal article, C1 Refereed article in a scholarly journal

Copyright notice

2017, Elsevier B.V.

Publisher

Elsevier BV