The Security Evaluated Standardized Password Authenticated Key Exchange (SESPAKE) Protocol
draft-smyshlyaev-sespake-16

Document Type Active Internet-Draft (individual)
Last updated 2017-03-22 (latest revision 2016-12-23)
Stream ISE
Intended RFC status Informational
Formats plain text pdf xml html bibtex
IETF conflict review conflict-review-smyshlyaev-sespake
Stream ISE state Sent to the RFC Editor
Consensus Boilerplate Unknown
Document shepherd Nevil Brownlee
Shepherd write-up Show (last changed 2017-01-11)
IESG IESG state I-D Exists
Telechat date
Responsible AD (None)
Send notices to "Nevil Brownlee" <rfc-ise@rfc-editor.org>
IANA IANA review state IANA OK - No Actions Needed
IANA action state No IC
RFC Editor RFC Editor state AUTH48
Network Working Group                                 S. Smyshlyaev, Ed.
Internet-Draft                                               E. Alekseev
Intended status: Informational                                 I. Oshkin
Expires: June 26, 2017                                          V. Popov
                                                              CRYPTO-PRO
                                                       December 23, 2016

The Security Evaluated Standardized Password Authenticated Key Exchange
                           (SESPAKE) Protocol
                      draft-smyshlyaev-sespake-16

Abstract

   This document specifies the Security Evaluated Standardized Password
   Authenticated Key Exchange (SESPAKE) protocol.  The SESPAKE protocol
   provides password authenticated key exchange for usage in the systems
   for protection of sensitive information.  The security proofs of the
   protocol were made for the case of an active adversary in the
   channel, including MitM attacks and attacks based on the
   impersonation of one of the subjects.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on June 26, 2017.

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents

Smyshlyaev, et al.        Expires June 26, 2017                 [Page 1]
Internet-Draft                   SESPAKE                   December 2016

   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Conventions Used in This Document . . . . . . . . . . . . . .   2
   3.  Notations . . . . . . . . . . . . . . . . . . . . . . . . . .   3
   4.  Protocol Description  . . . . . . . . . . . . . . . . . . . .   4
     4.1.  Protocol Parameters . . . . . . . . . . . . . . . . . . .   5
     4.2.  Initial Values of the Protocol Counters . . . . . . . . .   6
     4.3.  Protocol Steps  . . . . . . . . . . . . . . . . . . . . .   6
   5.  Construction of Points Q_1,...,Q_N  . . . . . . . . . . . . .  11
   6.  Acknowledgments . . . . . . . . . . . . . . . . . . . . . . .  12
   7.  Security Considerations . . . . . . . . . . . . . . . . . . .  12
   8.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  13
     8.1.  Normative References  . . . . . . . . . . . . . . . . . .  13
     8.2.  Informative References  . . . . . . . . . . . . . . . . .  14
   Appendix A.  Test Examples for GOST-based Protocol Implementation  14
     A.1.  Examples of Points  . . . . . . . . . . . . . . . . . . .  14
     A.2.  Test Examples of SESPAKE  . . . . . . . . . . . . . . . .  16
   Appendix B.  Point Verification Script  . . . . . . . . . . . . .  27
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  42

1.  Introduction

   The current document contains the description of the password
   authenticated key exchange protocol SESPAKE (security evaluated
   standardized password authenticated key exchange) for usage in the
   systems for protection of sensitive information.  The protocol is
   intended to use for establishment of keys that are then used for
   organization of secure channel for protection of sensitive
   information.  The security proofs of the protocol were made for the
   case of an active adversary in the channel, including MitM attacks
   and attacks based on the impersonation of one of the subjects.

2.  Conventions Used in This Document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
Show full document text