The Library
SoK : password-authenticated key exchange - theory, practice, standardization and real-world lessons
Tools
Hao, Feng and van Oorschot, Paul (2022) SoK : password-authenticated key exchange - theory, practice, standardization and real-world lessons. In: 17th ACM ASIA Conference on Computer and Communications Security (ACM ASIACCS 2022), Nagasaki, Japan ; Virtual, 30 May - 3 Jun 2022. Published in: ASIA CCS '22: Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security pp. 697-711. doi:10.1145/3488932.3523256
|
PDF
WRAP-SoK-password-authenticated-key-exchange-theory-practice-standardization-real-world-lessons-Hao-2022.pdf - Accepted Version - Requires a PDF viewer. Download (823Kb) | Preview |
Official URL: https://doi.org/10.1145/3488932.3523256
Abstract
Password-authenticated key exchange (PAKE) is a major area of cryptographic protocol research and practice. Many PAKE proposals have emerged in the 30 years following the original 1992 Encrypted Key Exchange (EKE), some accompanied by new theoretical models to support rigorous analysis. To reduce confusion and encourage practical development, major standards bodies including IEEE, ISO/IEC and the IETF have worked towards standardizing PAKE schemes, with mixed results. Challenges have included contrasts between heuristic protocols and schemes with security proofs, and subtleties in the assumptions of such proofs rendering some schemes unsuitable for practice. Despite initial difficulty identifying suitable use cases, the past decade has seen PAKE adoption in numerous large-scale applications such as Wi-Fi, Apple's iCloud, browser synchronization, e-passports, and the Thread network protocol for Internet of Things devices. Given this backdrop, we consolidate three decades of knowledge on PAKE protocols, integrating theory, practice, standardization and real-world experience. We provide a thorough and systematic review of the field, a summary of the state-of-the-art, a taxonomy to categorize existing protocols, and a comparative analysis of protocol performance using representative schemes from each taxonomy category. We also review real-world applications, summarize lessons learned, and highlight open research problems related to PAKE protocols.
Item Type: | Conference Item (Paper) | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Subjects: | T Technology > TK Electrical engineering. Electronics Nuclear engineering | |||||||||||||||
Divisions: | Faculty of Science, Engineering and Medicine > Science > Computer Science | |||||||||||||||
Library of Congress Subject Headings (LCSH): | Public key cryptography, Data encryption (Computer science), Computer networks -- Security measures | |||||||||||||||
Journal or Publication Title: | ASIA CCS '22: Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security | |||||||||||||||
Publisher: | ACM | |||||||||||||||
Official Date: | 30 May 2022 | |||||||||||||||
Dates: |
|
|||||||||||||||
Page Range: | pp. 697-711 | |||||||||||||||
DOI: | 10.1145/3488932.3523256 | |||||||||||||||
Status: | Peer Reviewed | |||||||||||||||
Publication Status: | Published | |||||||||||||||
Reuse Statement (publisher, data, author rights): | © ACM, 2022 This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in ASIA CCS '22: Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security, 30/05/2022 http://doi.acm.org/10.1145//3488932.3523256 | |||||||||||||||
Access rights to Published version: | Restricted or Subscription Access | |||||||||||||||
Date of first compliant deposit: | 14 March 2022 | |||||||||||||||
Date of first compliant Open Access: | 6 June 2022 | |||||||||||||||
RIOXX Funder/Project Grant: |
|
|||||||||||||||
Conference Paper Type: | Paper | |||||||||||||||
Title of Event: | 17th ACM ASIA Conference on Computer and Communications Security (ACM ASIACCS 2022) | |||||||||||||||
Type of Event: | Conference | |||||||||||||||
Location of Event: | Nagasaki, Japan ; Virtual | |||||||||||||||
Date(s) of Event: | 30 May - 3 Jun 2022 | |||||||||||||||
Related URLs: |
Request changes or add full text files to a record
Repository staff actions (login required)
View Item |
Downloads
Downloads per month over past year