网关口令认证密钥交换协议允许用户和网关在服务器的协助下建立起一令共享的会话密钥.网关口令协议适用于无线通信环境,如GSM和3GPP等.已有的网关口令认证密钥交换协议大多缺乏严格的安全证明,或者是在随机预言模型下证明安全的.该文采用模块化的设计方法提出了在标准模型下构造网关口令协议的通用框架.通用框架可以实现双向认证并且能够抵抗不可检测在线字典攻击,因此具有更强的安全性.利用DDH假设、一次剩余假设和N次剩余假设对通用框架进行实例化可以得到不同的标准模型下可证明安全的网关口令协议.%Protocols for gateway-oriented password-based authenticated key exchange (GPAKE) allow a client and a gateway to establish a common session key with the help of an authentication server. GPAKE protocols are suitable for mobile communication environments such as GSM and 3GPP. To date, only a few GPAKE protocols are known. Most of them are either proven secure in the random oracle model or only have heuristic security arguments. In this paper, we use a modular approach to propose a general framework for constructing GPAKE protocols in the standard model. Our framework is more secure than related GPAKE protocols in the sense that it can achieve mutual authentication and resist undetectable on-line dictionary attacks. Another advantage of the framework is that we can obtain various efficient GPAKE protocols under the DDH assumption, the Quadratic-residuosity assumption and the N-residuosity assumption.
展开▼
