Provably Secure Gateway-Oriented Password-Based Authenticated Key Exchange Protocol Resistant to Password Guessing Attacks

A Gateway-oriented Password-based Authenticated Key Exchange (GPAKE) scheme allows a client to establish an authenticated session key with a gateway via the help of an authentication server, where the client has pre-shared a password with the server. The desirable security properties of a GPAKE include session key semantic security, key privacy against servers, and password guessing attacks resistance. Abdalla et al.'s scheme (Asiacrypt 2005) [1] proposed the first GPAKE scheme, and then Abdalla et al. [13] and Byun et al.'s [2] had respectively proposed their improvements to enhance the security. Unfortunately, we find that all the improved schemes fail to commit the security requirements. In this paper, we point out security weaknesses of the improved scheme. To enhance the security, we propose a new GPAKE scheme, and prove its security in an enhanced model.