Affordable Access

Client-to-client Password-Based Authenticated Key Establishment in a Cross-Realm Setting

Publication Date
  • Password
  • Provably Secure
  • Cross-Realm
  • Authenticated Key Establishment
  • Computer Science


The area of password-based authenticated key establishment protocols has been the subject of a vast amount of work in the last few years due to its practical aspects. Despite the attention given to it, most passwordauthenticated key establishment (PAKE) schemes in the literature consider authentication between a client and a sever. Although some of them are extended to a threeparty PAKE protocol, in which a trusted server exists to mediate between two clients to allow mutual authentication, they are less considered in a cross-realm setting like in kerberos system. In this paper, we propose a provably secure password-authenticated key establishment protocol in a cross-realm setting where two clients in different realms obtain a secret session key as well as mutual authentication, with the help of respective servers. We deal with it using ideas similar to those used in the three-party protocol due to M. Abdalla et al. In our protocol, each client firstly establish secure channel with its server and then the servers securely distribute a fresh common session key to the two clients. One of the attractive features is that our protocol can be easily extended to a more general scenario where a common key should be established among more than two clients. Moreover, analysis shows that the proposed protocol has a per-user computational cost of the underlying two-party encrypted key exchange.

There are no comments yet on this publication. Be the first to share your thoughts.