Project Details

Theoretical Foundations of Real-World Password Authenticated Key Exchange

Subject Area: Security and Dependability, Operating-, Communication- and Distributed Systems
Term: since 2024
Project identifier: Deutsche Forschungsgemeinschaft (DFG) - Project number 536575252
 
Online services such as Amazon and Netflix, where the user is required to log in to access the service, are ever present. The most common means of logging into such services is by providing a username and password. In order to verify that the client provided the correct password, the server needs to store the password the client chose when they registered at the service. Such password databases have been leaked in many data breaches in the past due to servers getting compromised. Obtaining a client's password through such a leak allows an attacker to impersonate the client towards the service. One concept that aims to solve this issue is password-authenticated key exchange (PAKE). In a PAKE, the client and the server compute a shared key only if the password provided by the client is correct. The advantage of PAKE is that even if the server gets compromised, the attacker cannot do any better than trying to guess the client's password. To assure that a proposed PAKE scheme actually achieves this security guarantee, a formal security proof is conducted, typically showing that if some computational problem is hard, then the scheme is secure. There are two common security models in which such security proofs are conducted. While both models have their advantages, there are also clear drawbacks to both. In this project we aim to develop a better understanding of the existing security models and their limitations in order to be able to address these issues and improve the security models. We furthermore plan to use the improved security models to analyze the security of several soon-to-be-standardized PAKE schemes and to develop new practical and efficient schemes.
DFG Programme: Research Grants
 
 
