In September 2017, the J-PAKE protocol was formally published as an international standard in ISO/IEC 11770-4 (2017), and in RFC 8236 by IETF. J-PAKE is a password-authenticated key exchange protocol, first designed by Dr Feng Hao (School of Computing, Newcastle University) and Prof Peter Ryan (University of Luxembourg) in 2008. It serves as a foundational technique to establish secure communication between two remote parties based on a shared password without requiring any trusted third party.
J-PAKE has also been adopted by the Thread Group as an industry standard for the IoT commissioning process, i.e., securely adding new IoT devices to an existing network. The Thread Group is a major IoT consortium with the mission to define industry standards for the upcoming IoT era, and its members include Google, ARM, NXP, Silicon Lab, Huawei, LG, Microsoft, Philips, Qualcomm, Bosch, Siemens, Verizon, Yale, and many others.
Today, J-PAKE has already been used by many million users in commercial products, e.g., Palemoon Sync, Google Nest, ARM mbed OS, OpenSSL, Mozilla NSS, and Bouncycastle API. It’s expected that the standardization of J-PAKE in ISO/IEC will further encourage the adoption of this technique in wider security applications. A video that shows the industrial use of J-PAKE in NXP products to securely enrol a new IoT device into the Thread network can be seen below.
published on: 18 September 2017