Anonymous and authenticated key exchange

Abstract

Authenticated key exchange (AKE, for short) protocols are mechanisms by which two or more parties that communicate over an insecure network can generate a shared secret key. They are a central piece for building secure communication channels (e.g. SSL, IPSec). However, after three decades of research, design and analysis of secure AKE protocols have been proved to be a non-trivial task. In this thesis, we target to propose some systematic ways for the construction of provably secure AKE protocols in di®erent settings. We will review and analyze previous security models and de¯nitions in both the standard and the password based settings. We also propose security requirements and a formal de¯nition for secure roaming since user mobility is becoming very important and getting widely available in our communications systems nowadays. In addition, we propose a set of desirable properties for the smart-card-based password authentication protocols and a generic con- struction framework. In particular, we show that a secure password based authentication and key exchange protocol can be transformed e±ciently to a smart-card-based password authentication and key exchange scheme satis- fying all of our desirable properties provided that there exist pseudorandom functions and collision resistant hash functions. As user privacy is also becoming a notable security issue, we further provide methods to transform all the protocols presented in this thesis to user-anonymous versions