Authenticated key exchange secure against dictionary attacks
Mihir Bellare,David Pointcheval,Phillip Rogaway +2 more
- pp 139-155
TLDR
Correctness for the idea at the center of the Encrypted Key-Exchange protocol of Bellovin and Merritt is proved: it is proved security, in an ideal-cipher model, of the two-flow protocol at the core of EKE.Abstract:
Password-based protocols for authenticated key exchange (AKE) are designed to work despite the use of passwords drawn from a space so small that an adversary might well enumerate, off line, all possible passwords. While several such protocols have been suggested, the underlying theory has been lagging. We begin by defining a model for this problem, one rich enough to deal with password guessing, forward secrecy, server compromise, and loss of session keys. The one model can be used to define various goals. We take AKE (with "implicit" authentication) as the "basic" goal, and we give definitions for it, and for entity-authentication goals as well. Then we prove correctness for the idea at the center of the Encrypted Key-Exchange (EKE) protocol of Bellovin and Merritt: we prove security, in an ideal-cipher model, of the two-flow protocol at the core of EKE.read more
Citations
More filters
Book ChapterDOI
Provably secure password-authenticated key exchange using Diffie-Hellman
TL;DR: The first Diffie-Hellman-based password-authenticated key exchange protocol was proposed in this article, which is provably secure in the random oracle model against both passive and active adversaries.
Book ChapterDOI
Password-Based authenticated key exchange in the three-party setting
TL;DR: This paper presents a natural generic construction of a three-party protocol, based on any two-party authenticated key exchange protocol, and proves its security without making use of the Random Oracle model, which is the first provably-secure password-based protocol in the three- party setting.
Book ChapterDOI
Stronger security of authenticated key exchange
TL;DR: In this paper, a more compact, integrated, and comprehensive formulation of the Canetti-Krawczyk security model for authenticated key exchange (AKE) protocols is presented.
Proceedings ArticleDOI
Provably authenticated group Diffie-Hellman key exchange
TL;DR: This paper presents a security model for this problem and uses it to precisely define AKE (with "implicit" authentication) as the fundamental goal, and the entity-authentication goal as well, and defines the execution of an authenticated group Diffie-Hellman scheme and proves its security.
Proceedings Article
Stronger password authentication using browser extensions
TL;DR: A browser extension, PwdHash, that transparently produces a different password for each site, improving web password security and defending against password phishing and other attacks is described.
References
More filters
Book ChapterDOI
Entity authentication and key distribution
Mihir Bellare,Phillip Rogaway +1 more
TL;DR: This work provides the first formal treatment of entity authentication and authenticated key distribution appropriate to the distributed environment and presents a definition, protocol, and proof that the protocol meets its goal, assuming only the existence of a pseudorandom function.
Proceedings ArticleDOI
Encrypted key exchange: password-based protocols secure against dictionary attacks
TL;DR: A combination of asymmetric (public-key) and symmetric (secret- key) cryptography that allow two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced.
Book ChapterDOI
Provably secure password-authenticated key exchange using Diffie-Hellman
TL;DR: The first Diffie-Hellman-based password-authenticated key exchange protocol was proposed in this article, which is provably secure in the random oracle model against both passive and active adversaries.
Journal ArticleDOI
Timestamps in key distribution protocols
TL;DR: It is shown that key distribution protocols with timestamps prevent replays of compromised keys and have the additional benefit of replacing a two-step handshake.
Proceedings ArticleDOI
Provably secure session key distribution: the three party case
Mihir Bellare,Phillip Rogaway +1 more
TL;DR: This paper provides the first treatment of session key distribution in the three-party setting of Needham and Schroeder in the complexity-theoretic framework of modern cryptography, assuming the (minimal) assumption of a pseudorandom function.