AB-PAKE: Achieving Fine-Grained Access Control and Flexible Authentication

Two-factor authentication provides a strong defense against account compromise. However, traditional two-factor authentication schemes cannot provide users with much flexibility and fine-grained authorization. In this work, we present an efficient design of Attribute-Based Password Authenticated Key Exchange (AB-PAKE) protocol, ensuring that only two legitimate users with desired attributes and correct passwords can establish a shared session key. We, for the first time, tackle the problem of "how to enhance a peer-to-peer PAKE scheme by using a storage device (e.g., a smart-phone, a USB token, or a personal computer that the user logs in), such that even if ephemeral secret keys of two participants have been leaked, it still provides user privacy protection and truly two-factor security". AB-PAKE works well in peer-to-peer (i.e., end-to-end) scenarios where the participants expect to hide their real identity information and the peer is enforced to satisfy the defined conditions (aka authentication policy). It achieves flexibility, privacy preservation, and dynamic access control lacking in prior authentication proposals. In addition, our work mitigates a practical threat in authenticated key exchange schemes, namely, the ephemeral secret leakage attack. We aim to increase the attack difficulty and limit password leakage even if the user's long-term key or ephemeral key is leaked. The proposed protocol is also round-optimal, i.e., it is a single-round protocol consisting of only two message flows among the parties. Our new construction of AB-PAKE protocol reduces the number of pairing operations to be constant and supports richer policies. Provable security and practicality are demonstrated by comprehensive analysis.