Proceedings ArticleDOI
Augmented encrypted key exchange: a password-based protocol secure against dictionary attacks and password file compromise
Steven M. Bellovin,Michael Merritt +1 more
- pp 244-250
TLDR
Two ways to accomplish EKE augmented so that hosts do not store cleartext passwords are shown, one using digital signatures and one that relies on a family of commutative one-way functions.Abstract:
The encrypted key exchange (EKE) protocol is augmented so that hosts do not store cleartext passwords. Consequently, adversaries who obtain the one-way encrypted password file may (i) successfully mimic (spoof) the host to the user, and (ii) mount dictionary attacks against the encrypted passwords, but cannot mimic the user to the host. Moreover, the important security properties of EKE are preserved—an active network attacker obtains insufficient information to mount dictionary attacks. Two ways to accomplish this are shown, one using digital signatures and one that relies on a family of commutative one-way functions.read more
Citations
More filters
Proceedings ArticleDOI
SPINS: security protocols for sensor networks
TL;DR: A suite of security building blocks optimized for resource-constrained environments and wireless communication, and shows that they are practical even on minimal hardware: the performance of the protocol suite easily matches the data rate of the network.
Journal ArticleDOI
SPINS: security protocols for sensor networks
TL;DR: A suite of security protocols optimized for sensor networks: SPINS, which includes SNEP and μTESLA and shows that they are practical even on minimal hardware: the performance of the protocol suite easily matches the data rate of the network.
Book ChapterDOI
Authenticated key exchange secure against dictionary attacks
TL;DR: Correctness for the idea at the center of the Encrypted Key-Exchange protocol of Bellovin and Merritt is proved: it is proved security, in an ideal-cipher model, of the two-flow protocol at the core of EKE.
Book ChapterDOI
Provably secure password-authenticated key exchange using Diffie-Hellman
TL;DR: The first Diffie-Hellman-based password-authenticated key exchange protocol was proposed in this article, which is provably secure in the random oracle model against both passive and active adversaries.
Book
Protocols for Authentication and Key Establishment
Colin Boyd,Anish Mathuria +1 more
TL;DR: This is the first comprehensive and integrated treatment of protocols for authentication and key establishment, which allows researchers and practitioners to quickly access a protocol for their needs and become aware of existing protocols which have been broken in the literature.
References
More filters
Journal ArticleDOI
New Directions in Cryptography
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Journal ArticleDOI
A method for obtaining digital signatures and public-key cryptosystems
TL;DR: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key.
Journal ArticleDOI
A public key cryptosystem and a signature scheme based on discrete logarithms
TL;DR: A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem that relies on the difficulty of computing discrete logarithms over finite fields.
Journal ArticleDOI
On the security of public key protocols
Danny Dolev,Andrew Chi-Chih Yao +1 more
TL;DR: Several models are formulated in which the security of protocols can be discussed precisely, and algorithms and characterizations that can be used to determine protocol security in these models are given.
Proceedings ArticleDOI
Encrypted key exchange: password-based protocols secure against dictionary attacks
TL;DR: A combination of asymmetric (public-key) and symmetric (secret- key) cryptography that allow two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced.