Visible to the public UC-secure Two-Server Password-Based Authentication Protocol and Its Applications

TitleUC-secure Two-Server Password-Based Authentication Protocol and Its Applications
Publication TypeConference Paper
Year of Publication2016
AuthorsZhang, Lin, Zhang, Zhenfeng, Hu, Xuexian
Conference NameProceedings of the 11th ACM on Asia Conference on Computer and Communications Security
Date PublishedMay 2016
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-4233-9
Keywordscomposability, compositionality, Key exchange, pubcrawl, secret sharing, two-server password-based authentication, universal composability

A two-server password-based authentication (2PA) protocol is a special kind of authentication primitive that provides additional protection for the user's password. Through a 2PA protocol, a user can distribute his low-entropy password between two authentication servers in the initialization phase and authenticate himself merely via a matching password in the login phase. No single server can learn any information about the user's password, nor impersonate the legitimate user to authenticate to the honest server. In this paper, we first formulate and realize the security definition of two-server password-based authentication in the well-known universal composability (UC) framework, which thus provides desirable properties such as composable security. We show that our construction is suitable for the asymmetric communication model in which one server acts as the front-end server interacting directly with the user and the other stays backstage. Then, we show that our protocol could be easily extended to more complicate password-based cryptographic protocols such as two-server password-authenticated key exchange (2PAKE) and two-server password-authenticated secret sharing (2PASS), which enjoy stronger security guarantees and better efficiency performances in comparison with the existing schemes.

Citation Keyzhang_uc-secure_2016