Compact and Efficient Leakage-Resilient Authenticated Key Exchange Protocol

Let us consider the following situation: (1) a user remembers only one password and has some insecure devices with built-in memory while maintaining its connections with many different servers; (2) the counterpart servers are not perfectly secure against possible attacks (e.g., virus or hacker); (3) neither PKI (Public Key Infrastructures) nor TRM (Tamper-Resistant Modules) is available at all. As a currentlyknown solution to the above situation, Shin et al., [1] have proposed a Leakage-Resilient Authenticated Key Exchange (for short, LR-AKE) protocol whose authenticity is based on a user’s password and his/her stored secrets. In this paper, we improve the LR-AKE protocol to be more compact and efficient in aspects of both computation costs and memory size: about 100% decrease of computation costs in the initialization phase and about 96% reduction in memory size. In addition to that, we give a significant countermeasure for minimizing the damage caused by simultaneous leakage of stored secrets from user’s device and server’s database. We also discuss its security under the notion of LRAKE security which ensures enhancement of the overall security level and usability of passwords.