Password-only authenticated key exchange between two agents in the four-party setting

Abstract

Agent technology is emerging as a new software paradigm in the areas of distributed computing. The use of multiple agents is a common technique in agent-based systems. In distributed agent systems, it is often required for two agents to communicate securely over a public network. Authentication and key exchange are fundamental for establishing secure communication channels over public insecure networks. Password-based protocols for authenticated key exchange are designed to work even when user authentication is done via the use of passwords drawn from a small known set of values. There have been many protocols proposed over the years for password authenticated key exchange in the three-party scenario, in which two agents attempt to establish a secret key interacting with one same authentication server. However, little has been done for password authenticated key exchange in the more general and realistic four-party setting, where two clients (or, two agents) trying to establish a secret key are registered with different authentication servers. In this paper, we propose a new protocol designed carefully for four-party password authenticated key exchange that requires each agent only to remember a password shared with its authentication server. © Springer-Verlag Berlin Heidelberg 2007.