A Secure Key Exchange for Symmetric Peer Server against Passive Attack

IJCSEC Front Page

Abstract
Password-authenticated key exchange (PAKE) lets a client and a server who share a password authenticate each other and, at the same time, establish a cryptographic key by exchanging messages. The main aim of this project is to authenticate a client in the scenario where two peer servers cooperate for authentication, so that if one server is compromised, the attacker still cannot pretend to be the client using the information from the compromised server. No password information will be stored, and the system keeps providing services instead of producing a crash report. Our two-server PAKE protocol is symmetric and runs in parallel when authenticating a client by encrypted key exchange (EKE), providing efficient service to the user.
Keywords: Password-authenticated key exchange, dictionary attack, Diffie-Hellman key exchange, ElGamal encryption, active and passive attack.
I. Introduction
Earlier password-based authentication systems transmitted a cryptographic hash of the password over a public channel, which makes the hash value accessible to an attacker. When this is done, and it is very common, the attacker can work offline, rapidly testing possible passwords against the true password’s hash value. Studies have consistently shown that a large fraction of user-chosen passwords are readily guessed automatically. For example, according to Bruce Schneier, examining data from a 2006 phishing attack, 55 percent of MySpace passwords would be crackable in 8 hours using a commercially available Password Recovery Toolkit capable of testing 200,000 passwords per second in 2006 [2].

Recent research advances in password-based authentication have allowed a client and a server to authenticate each other with a password and meanwhile to establish a cryptographic key for secure communications after authentication. In general, current solutions for password-based authentication follow two models. The first model, called the PKI-based model, assumes that the client keeps the server’s public key in addition to sharing a password with the server. In this setting, the client can send the password to the server by public key encryption. Gong [6], [7] were the first to present this kind of authentication protocol with heuristic resistance to offline dictionary attacks, and Halevi and Krawczyk [6] were the first to provide formal definitions and rigorous proofs of security for the PKI-based model. The second model is called the password-only model. Bellovin and Merritt [4] were the first to consider authentication based on password only, and introduced a set of so-called “encrypted key exchange” protocols, where the password is used as a secret key to encrypt random numbers for key exchange purposes. Formal models of security for password-only authentication were first given independently by Bellare et al. [3] and Boyko et al. [8]. Katz et al. [9] were the first to give a password-only authentication protocol.
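The following added example (not code from the paper, and a single-server exchange rather than its two-server protocol) illustrates the password-only idea above: each Diffie-Hellman value is masked with the password before it goes on the wire, simplified from the SPAKE2 style of Abdalla and Pointcheval. The group parameters, function names and sample passwords are constructed for illustration, and the group is far too small for real use.

```python
import hashlib
import secrets

# Constructed toy group (assumption, insecure size): P = 2Q + 1, both prime.
P, Q = 2039, 1019
# G, M, N are squares mod P, so each has order Q. In a real deployment the
# discrete logs of M and N relative to G must be unknown to everyone.
G, M, N = 4, 9, 25

def pw_scalar(password: str) -> int:
    """Map the password to an exponent in [0, Q)."""
    return int.from_bytes(hashlib.sha256(password.encode()).digest(), "big") % Q

def mask(secret_exp: int, base: int, password: str) -> int:
    """'Encrypt' g^x with the password: X* = g^x * base^pw mod P."""
    return pow(G, secret_exp, P) * pow(base, pw_scalar(password), P) % P

def unmask(masked: int, base: int, password: str) -> int:
    """Remove the password mask: masked * base^(-pw) mod P."""
    inv = pow(base, Q - pw_scalar(password), P)  # base^Q == 1, so this inverts
    return masked * inv % P

def session_key(password: str, x_star: int, y_star: int, shared: int) -> str:
    """Derive the session key from the transcript, password and DH result."""
    data = f"{password}|{x_star}|{y_star}|{shared}".encode()
    return hashlib.sha256(data).hexdigest()

def run_exchange(client_pw: str, server_pw: str):
    """Run both sides locally; returns (X*, Y*, client key, server key)."""
    x = secrets.randbelow(Q - 1) + 1          # client's ephemeral exponent
    y = secrets.randbelow(Q - 1) + 1          # server's ephemeral exponent
    x_star = mask(x, M, client_pw)            # message client -> server
    y_star = mask(y, N, server_pw)            # message server -> client
    k_client = pow(unmask(y_star, N, client_pw), x, P)
    k_server = pow(unmask(x_star, M, server_pw), y, P)
    return (x_star, y_star,
            session_key(client_pw, x_star, y_star, k_client),
            session_key(server_pw, x_star, y_star, k_server))

def guess_is_ruled_out(x_star: int, guess: str) -> bool:
    """Passive view: does the wire value alone contradict this guess?"""
    candidate = unmask(x_star, M, guess)
    return pow(candidate, Q, P) != 1          # True only if outside the group
```

Because every guess unmasks to a valid group element, a passive observer of X* cannot discard any candidate password, unlike the transmitted-hash design described at the start of this section.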

References:

  1. M. Abdalla and D. Pointcheval, “Simple Password-Based Encrypted Key Exchange Protocols,” Proc. Int’l Conf. Topics in Cryptology (CT-RSA), pp. 191-208, 2005.
  2. M. Abdalla, O. Chevassut, and D. Pointcheval, “One-Time Verifier-Based Encrypted Key Exchange,” Proc. Eighth Int’l Conf. Theory and Practice in Public Key Cryptography (PKC ’05), pp. 47-64, 2005.
  3. M. Bellare, D. Pointcheval, and P. Rogaway, “Authenticated Key Exchange Secure against Dictionary Attacks,” Proc. 19th Int’l Conf. Theory and Application of Cryptographic Techniques (Eurocrypt ’00), pp. 139-155, 2000.
  4. S. Bellovin and M. Merritt, “Encrypted Key Exchange: Password-Based Protocol Secure against Dictionary Attack,” Proc. IEEE Symp. Research in Security and Privacy, pp. 72-84, 1992.
  5. D. Boneh and M. Franklin, “Identity Based Encryption from the Weil Pairing,” Proc. 21st Ann. Int’l Cryptology Conf. (Crypto ’01), pp. 213-229, 2001.
  6. Y. Yang, R.H. Deng, and F. Bao, “A Practical Password-Based Two-Server Authentication and Key Exchange System,” IEEE Trans. Dependable and Secure Computing, vol. 3, no. 2, pp. 105-114, Apr.-June 2006.
  7. Y. Yang, R.H. Deng, and F. Bao, “Fortifying Password Authentication in Integrated Healthcare Delivery Systems,” Proc. ACM Symp. Information, Computer and Comm. Security (ASIACCS ’06), pp. 255-265, 2006.
  8. X. Yi, R. Tso, and E. Okamoto, “ID-Based Group Password-Authenticated Key Exchange,” Proc. Fourth Int’l Workshop Security: Advances in Information and Computer Security (IWSEC ’09), pp. 192-211, 2009.
  9. J. Katz and M. Yung, “Scalable Protocols for Authenticated Group Key Exchange,” Proc. Advances in Cryptology Conf. (Crypto ’03), pp. 110-125, 2003.