File(s) under permanent embargo
Password-authenticated group key exchange: a cross-layer design
journal contributionposted on 2016-12-01, 00:00 authored by Yuexin Zhang, Yang Xiang, X Huang
Two-party password-Authenticated key exchange (2PAKE) protocols provide a natural mechanism for secret key establishment in distributed applications, and they have been extensively studied in past decades. However, only a few efforts have been made so far to design password-Authenticated group key exchange (GPAKE) protocols. In a 2PAKE or GPAKE protocol, it is assumed that short passwords are preshared among users. This assumption, however, would be impractical in certain applications.Motivated by this observation, this article presents a GPAKE protocol without the password sharing assumption. To obtain the passwords, wireless devices, such as smart phones, tablets, and laptops, are used to extract short secrets at the physical layer. Using the extracted secrets, users in our protocol can establish a group key at higher layers with light computation consumptions. Thus, our GPAKE protocol is a cross-layer design. Additionally, our protocol is a compiler, that is, our protocol can transform any provably secure 2PAKE protocol into a GPAKE protocol with only one more round of communications. Besides, the proposed protocol is proved secure in the standard model.
JournalACM transactions on internet technology
Pagination1 - 20
PublisherAssociation for Computing Machinery
LocationNew York, N.Y.
Publication classificationC Journal article; C1 Refereed article in a scholarly journal
Copyright notice2016, ACM
security and privacykey managementsecurity protocolsmobile and wireless securitynetworkscross-layer protocolsgroup key exchangepasswordsecurityphysical layerhigher layersScience & TechnologyTechnologyComputer Science, Information SystemsComputer Science, Software EngineeringComputer Sciencethe physical layerBIG DATASECUREEFFICIENTESTABLISHMENTGENERATIONAGREEMENTPROTOCOLPRIVACYCLOUDIOTInformation SystemsArtificial Intelligence and Image ProcessingDistributed Computing