1. Field
The present disclosure relates to network security technology, and more particularly, to an authentication method and an apparatus for the same.
2. Discussion of Related Art
Password authenticated key exchange (PAKE) is a process in which two or more parties participating in communication share a secret key for encrypted communication on the basis of a password that at least one of the parties knows. Depending on how it is implemented, PAKE may be classified into PAKE based on a public key certificate and PAKE based on a non-public key certificate.
PAKE based on a public key certificate always requires public key authentication to be performed for key exchange, and when a private key of a server leaks, neither the forward security nor the backward security of the corresponding account is ensured. To solve this problem of PAKE based on a public key certificate, PAKE based on a non-public key certificate (relevant standards: IEEE P1363.2 and ISO/IEC 11770-4) was proposed, but it has a new problem in that migration of an existing system and parameter updates are difficult, because the verifier is created by exponentiating the password itself and storing the result. In addition, since PAKE based on a public key certificate involves combining a password itself with a group parameter, a relatively large amount of real-time computation is necessary to cope with an offline analysis of the combination, and it is impossible to make the message flow of a protocol flexible.
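The parameter-update difficulty described above, as an added sketch that is not part of the original disclosure: the stored verifier is g^x mod p with x derived from the password, so a record can only be re-issued under new group parameters when the user presents the password again. The toy groups, the hash-to-exponent mapping and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed toy groups (Mersenne primes); far too small for real deployments.
OLD_GROUP = {"id": "toy-61", "p": 2**61 - 1, "g": 3}
NEW_GROUP = {"id": "toy-127", "p": 2**127 - 1, "g": 3}


def password_exponent(salt: bytes, password: str) -> int:
    """Map salt and password to an integer exponent x (assumed mapping)."""
    return int.from_bytes(hashlib.sha256(salt + password.encode()).digest(), "big")


def make_record(group: dict, password: str, salt: Optional[bytes] = None) -> dict:
    """Create the stored verifier v = g^x mod p; the password is not stored."""
    salt = salt or os.urandom(16)
    v = pow(group["g"], password_exponent(salt, password), group["p"])
    return {"group": group["id"], "salt": salt, "verifier": v}


def migrate_on_login(record: dict, password: str, old: dict, new: dict) -> Optional[dict]:
    """Re-issue a verifier under the new group; this needs the password itself."""
    x = password_exponent(record["salt"], password)
    presented = pow(old["g"], x, old["p"])
    if not hmac.compare_digest(str(presented), str(record["verifier"])):
        return None  # wrong password: the old record cannot be converted
    # The server cannot derive g'^x mod p' from g^x mod p alone, so the new
    # verifier is recomputed from the password the user just supplied.
    return make_record(new, password, record["salt"])


def demo() -> dict:
    """Two constructed accounts; only alice logs in after the parameter change."""
    db = {
        "alice": make_record(OLD_GROUP, "correct horse"),
        "bob": make_record(OLD_GROUP, "another passphrase"),
    }
    upgraded = migrate_on_login(db["alice"], "correct horse", OLD_GROUP, NEW_GROUP)
    if upgraded is not None:
        db["alice"] = upgraded
    # bob's record stays bound to the old parameters until he logs in.
    return {user: rec["group"] for user, rec in db.items()}


if __name__ == "__main__":
    print(demo())
```

Accounts that never log in again stay bound to the old parameters, which is why such a system must keep supporting the old group for as long as those records exist.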