{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,21]],"date-time":"2025-08-21T17:41:12Z","timestamp":1755798072622,"version":"3.41.0"},"reference-count":43,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2014,4,1]],"date-time":"2014-04-01T00:00:00Z","timestamp":1396310400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Inf. Syst. Secur."],"published-print":{"date-parts":[[2014,4]]},"abstract":"<jats:p>\n            We revisit the problem of secure cross-domain communication between two users belonging to different security domains within an open and distributed environment. Existing approaches presuppose that either the users are in possession of public key certificates issued by a trusted\n            <jats:italic>certificate authority<\/jats:italic>\n            (CA), or the associated domain authentication servers share a long-term secret key. In this article, we propose a generic framework for designing\n            <jats:italic>four-party password-based authenticated key exchange<\/jats:italic>\n            (4PAKE) protocols. Our framework takes a different approach from previous work. The users are not required to have public key certificates, but they simply reuse their login passwords, which they share with their respective domain authentication servers. On the other hand, the authentication servers, assumed to be part of a standard PKI, act as ephemeral CAs that certify some key materials that the users can subsequently use to exchange and agree on as a session key. Moreover, we adopt a compositional approach. That is, by treating any secure two-party password-based key exchange (2PAKE) protocol and two-party asymmetric-key\/symmetric-key-based key exchange (2A\/SAKE) protocol as black boxes, we combine them to obtain generic and provably secure 4PAKE protocols.\n          <\/jats:p>","DOI":"10.1145\/2584681","type":"journal-article","created":{"date-parts":[[2014,5,7]],"date-time":"2014-05-07T12:48:53Z","timestamp":1399466933000},"page":"1-32","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":6,"title":["Cross-Domain Password-Based Authenticated Key Exchange Revisited"],"prefix":"10.1145","volume":"16","author":[{"given":"Liqun","family":"Chen","sequence":"first","affiliation":[{"name":"HP Labs, UK"}]},{"given":"Hoon Wei","family":"Lim","sequence":"additional","affiliation":[{"name":"Nanyang Technological University, Singapore"}]},{"given":"Guomin","family":"Yang","sequence":"additional","affiliation":[{"name":"University of Wollongong, Australia"}]}],"member":"320","published-online":{"date-parts":[[2014,4]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-30580-4_6"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-011-0125-6"},{"volume-title":"Proceedings of ASIACRYPT. 531--545","author":"Bellare M.","key":"e_1_2_1_3_1"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/168588.168596"},{"volume-title":"Proceedings of CRYPTO. 232--249","author":"Bellare M.","key":"e_1_2_1_5_1"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/225058.225084"},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/276698.276854"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1006\/jcss.1999.1694"},{"volume-title":"Proceedings of EUROCRYPT. 139--155","author":"Bellare M.","key":"e_1_2_1_9_1"},{"volume-title":"Proceedings of the IEEE Symposium on Research in Security and Privacy. 72--84","author":"Bellovin S. M.","key":"e_1_2_1_10_1"},{"volume-title":"Proceedings of EUROCRYPT. 156--171","author":"Boyko V.","key":"e_1_2_1_11_1"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.tcs.2006.08.040"},{"volume-title":"Proceedings of ICICS. 134--146","author":"Byun J. W.","key":"e_1_2_1_13_1"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2007.03.024"},{"volume-title":"Proceedings of EUROCRYPT. 453--474","author":"Canetti R.","key":"e_1_2_1_15_1"},{"key":"e_1_2_1_16_1","first-page":"263","article-title":"Cryptanalysis of some client-to-client password-authenticated key exchange protocols","volume":"4","author":"Cao T.","year":"2009","journal-title":"J. Netw."},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ic.2007.05.005"},{"key":"e_1_2_1_18_1","unstructured":"Chen L. 2003. A weakness of the password-authenticated key agreement between clients with different passwords scheme. ISO\/IEC JTC1\/SC27 N3716. Circulated at The 27th SC27\/WG2 Meeting in Paris France.  Chen L. 2003. A weakness of the password-authenticated key agreement between clients with different passwords scheme. ISO\/IEC JTC1\/SC27 N3716. Circulated at The 27th SC27\/WG2 Meeting in Paris France."},{"key":"e_1_2_1_19_1","unstructured":"Dierks T. and Rescorla E. 2008. The TLS protocol version 1.2. The Internet Engineering Task Force (IETF) RFC 5246.  Dierks T. and Rescorla E. 2008. The TLS protocol version 1.2. The Internet Engineering Task Force (IETF) RFC 5246."},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIT.1976.1055638"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1023\/A:1011132312956"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-01877-0_7"},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1137\/0217017"},{"key":"e_1_2_1_24_1","unstructured":"Hur M. Tung B. Ryutov T. Neuman C. Medvinsky A. Tsudik G. and Sommerfeld B. 2001. Public key cryptography for cross-realm authentication in Kerberos. The Internet Engineering Task Force (IETF) Internet Draft (expires May 2002).  Hur M. Tung B. Ryutov T. Neuman C. Medvinsky A. Tsudik G. and Sommerfeld B. 2001. Public key cryptography for cross-realm authentication in Kerberos. The Internet Engineering Task Force (IETF) Internet Draft (expires May 2002)."},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/242896.242897"},{"key":"e_1_2_1_26_1","doi-asserted-by":"crossref","unstructured":"Kohl J. and Neuman C. 1993. The Kerberos Network Authentication Service (V5). IETF RFC 1510.   Kohl J. and Neuman C. 1993. The Kerberos Network Authentication Service (V5). IETF RFC 1510.","DOI":"10.17487\/rfc1510"},{"volume-title":"IKE-protocols. In Proceedings of CRYPTO. 400--425","year":"2003","author":"Krawczyk H.","key":"e_1_2_1_27_1"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/138873.138874"},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1023\/A:1022595222606"},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1007\/11889663_2"},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/35.312841"},{"key":"e_1_2_1_32_1","doi-asserted-by":"crossref","unstructured":"Neuman C. Yu T. Hartman S. and Raeburn K. 2005. The Kerberos network authentication service (V5). The Internet Engineering Task Force (IETF) RFC 4120.  Neuman C. Yu T. Hartman S. and Raeburn K. 2005. The Kerberos network authentication service (V5). The Internet Engineering Task Force (IETF) RFC 4120.","DOI":"10.17487\/rfc4120"},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1007\/11496137_3"},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1007\/11941378_9"},{"volume-title":"Proceedings of IWAP. 3--16","year":"2005","author":"Price G.","key":"e_1_2_1_35_1"},{"key":"e_1_2_1_36_1","unstructured":"Shoup V. 1999. On formal models for secure key exchange. IBM Research Report RZ 3120.  Shoup V. 1999. On formal models for secure key exchange. IBM Research Report RZ 3120."},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00145-002-0133-9"},{"volume-title":"Proceedings of ACISP. 358--369","author":"Tin Y.S. T.","key":"e_1_2_1_38_1"},{"volume-title":"Proceedings of ACNS. 414--425","author":"Wang S.","key":"e_1_2_1_39_1"},{"key":"e_1_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/174613.174614"},{"key":"e_1_2_1_41_1","first-page":"649","article-title":"Client-to-client password-based authenticated key establishment in a cross-realm setting","volume":"4","author":"Wu S.","year":"2009","journal-title":"J. Netw."},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1007\/11780656_33"},{"key":"e_1_2_1_43_1","doi-asserted-by":"crossref","unstructured":"Zhu L. and Tung B. 2006. Public key cryptography for initial authentication in Kerberos (PKINIT). The Internet Engineering Task Force (IETF) RFC 4556.  Zhu L. and Tung B. 2006. Public key cryptography for initial authentication in Kerberos (PKINIT). The Internet Engineering Task Force (IETF) RFC 4556.","DOI":"10.17487\/rfc4556"}],"container-title":["ACM Transactions on Information and System Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2584681","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2584681","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T07:01:43Z","timestamp":1750230103000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2584681"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014,4]]},"references-count":43,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2014,4]]}},"alternative-id":["10.1145\/2584681"],"URL":"https:\/\/doi.org\/10.1145\/2584681","relation":{},"ISSN":["1094-9224","1557-7406"],"issn-type":[{"type":"print","value":"1094-9224"},{"type":"electronic","value":"1557-7406"}],"subject":[],"published":{"date-parts":[[2014,4]]},"assertion":[{"value":"2013-02-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2014-01-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2014-04-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}