Key agreement protocol is an information security technique that allows two or more entities to agree upon a secret key and use it over a non-secure channel for private communication and authentication. Key agreement protocol was first presented in 1976 by W. Diffie and M. Hellman [1] and has become the most well-known technique used. A password-based authenticated key exchange (PAKE) is a type of key agreement which enables two parties to mutually authenticate basing solely on human memorable passwords.

Normally cryptographic keys were the only way to ensure the authentication part, those long-term keys require adding a cryptographic device to store them, therefore substituting keys with password seems to be much more convenient. Besides, such protocol is able to avoid usi...[ Read more ]

Key agreement protocol is an information security technique that allows two or more entities to agree upon a secret key and use it over a non-secure channel for private communication and authentication. Key agreement protocol was first presented in 1976 by W. Diffie and M. Hellman [1] and has become the most well-known technique used. A password-based authenticated key exchange (PAKE) is a type of key agreement which enables two parties to mutually authenticate basing solely on human memorable passwords.

Normally cryptographic keys were the only way to ensure the authentication part, those long-term keys require adding a cryptographic device to store them, therefore substituting keys with password seems to be much more convenient. Besides, such protocol is able to avoid using the public key infrastructure (PKI), accordingly, PAKE gained a lot of importance during the past few years, nevertheless, the design of a PAKE protocol is harder due to the low entropy passwords. At the beginning of this thesis we start by introducing some mathematical tools which are compulsory to the design and understanding protocols. Then, we present some of the most studied authenticated key agreement protocols found in the literature. Furthermore, we specifically analyze password-based authenticated key exchange protocols SNAPI, PEKEP, RSA-EPAKE which are all based on RSA, the evaluation of those protocols show that SNAPI and PEKEP are computationally inefficient, while Youn [2] has proved that RSA-EPAKE is vulnerable to the separation attack.

At the end we propose two new PAKE protocols based on RSA, the first one is for a tripartite setting and the second is for the group setting. The security analysis and the efficiency analysis show that our new protocols can resist all known attacks.

Keywords: Three Party Authenticated Key Establishment, Authentication, Cryptography, Key Exchange Protocols, RSA based Authentication.