The password-authenticated key exchange (PAKE) is an important tool to secure wireless
communications. To counter possible malicious attacks in wireless communications, this paper
develops a stronger new cross-realm client-to-client (C2C) PAKE protocol based on the smart card
framework agreement. Employing the client passwords, smart card information and server private
keys, the new PAKE protocol works by the Mod calculation, Asymmetric encryption and
Diffie-Hellman operations. It can practically enhance the security of wireless communications even
when both client passwords and server private keys are snatched. To verify the performance of the new
protocol, we bring in the Yoneyama’s security model which can verify very intrigue attacks (including
key-compromise impersonation and leakage of ephemeral private attacks) to check the security levels
of existing C2C PAKE protocols and our protocol. The collected cost comparison results show that, in
contrast to other protocols, our new protocol yields notably better security gain at very reasonable cost.
Relation:
Journal of Applied Science and Engineering=淡江理工學刊 18(4), pp.407-418
