Encrypted key exchange: password-based protocols secure against dictionary attacks
Steven M. Bellovin,Michael Merritt +1 more
- pp 72-84
Reads0
Chats0
TLDR
A combination of asymmetric (public-key) and symmetric (secret- key) cryptography that allow two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced.Abstract:
Classic cryptographic protocols based on user-chosen keys allow an attacker to mount password-guessing attacks. A combination of asymmetric (public-key) and symmetric (secret-key) cryptography that allow two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced. In particular, a protocol relying on the counter-intuitive motion of using a secret key to encrypt a public key is presented. Such protocols are secure against active attacks, and have the property that the password is protected against offline dictionary attacks. >read more
Citations
More filters
Journal ArticleDOI
Secure modular password authentication for the web using channel bindings
TL;DR: In this paper, the authors propose a protocol called password-authenticated and confidential channel establishment (PACCE), which is based on the TLS protocol and can be implemented with no modifications to the secure channel protocol library.
Journal ArticleDOI
Password-only authenticated key establishment protocol without public key cryptography
TL;DR: A scenario in which a user and a server can authenticate each other and generate a strong session key through a symmetric cipher by their shared weak (low-entropy) password in an insecure channel is considered and a protocol to resolve this problem is proposed.
Book ChapterDOI
Efficient password-authenticated key exchange based on RSA
TL;DR: This paper compares RSA-EPAKE with SNAPI, PEKEP, and CEKEP in computation and the number of rounds, and provides a formal security analysis of RSA- EPAKE under the RSA assumption in the random oracle model.
Journal ArticleDOI
Password-based user authentication and key distribution protocols for client-server applications
Her-Tyan Yeh,Hung-Min Sun +1 more
TL;DR: This paper discusses another environment in which a user (client) requests service from an application server through an authentication server and proposes two secure and efficient authentication protocols to fit this environment.
Journal ArticleDOI
Resource-aware protocols for authenticated group key exchange in integrated wired and wireless networks
TL;DR: A secure and efficient protocol for resource-aware group key exchange over the rapidly expanding IWW networks by evenly spreading much of the total amount of computation across high power users, which avoids any potential performance bottleneck of the system while keeping the burden on low power users at minimal.
References
More filters
Journal ArticleDOI
New Directions in Cryptography
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Journal ArticleDOI
A method for obtaining digital signatures and public-key cryptosystems
TL;DR: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key.
Journal ArticleDOI
A public key cryptosystem and a signature scheme based on discrete logarithms
TL;DR: A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem that relies on the difficulty of computing discrete logarithms over finite fields.
Book ChapterDOI
A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms
TL;DR: In this article, a new signature scheme is proposed together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem and the security of both systems relies on the difficulty of computing discrete logarithms over finite fields.
Book
Cryptography and data security
TL;DR: The goal of this book is to introduce the mathematical principles of data security and to show how these principles apply to operating systems, database systems, and computer networks.