Encrypted key exchange: password-based protocols secure against dictionary attacks
Steven M. Bellovin,Michael Merritt +1 more
- pp 72-84
Reads0
Chats0
TLDR
A combination of asymmetric (public-key) and symmetric (secret- key) cryptography that allow two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced.Abstract:
Classic cryptographic protocols based on user-chosen keys allow an attacker to mount password-guessing attacks. A combination of asymmetric (public-key) and symmetric (secret-key) cryptography that allow two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced. In particular, a protocol relying on the counter-intuitive motion of using a secret key to encrypt a public key is presented. Such protocols are secure against active attacks, and have the property that the password is protected against offline dictionary attacks. >read more
Citations
More filters
Proceedings ArticleDOI
An Improved Authentication Key Agreement Protocol Based on Elliptic Curve for Wireless Mobile Networks
Chin-Chen Chang,Shih-Chang Chang +1 more
TL;DR: An improved authentication key agreement protocol based on elliptic curve for wireless mobile networks that can enhance the security of A- Key distribution protocol in 3GPP2.
Journal ArticleDOI
Cross-Domain Password-Based Authenticated Key Exchange Revisited
TL;DR: In this paper, the authors proposed a generic framework for designing four-party password-based authenticated key exchange (4PAKE) protocols, where the users are not required to have public key certificates, but they simply reuse their login passwords, which they share with their respective domain authentication servers.
Patent
Method, system and computer program for the secured management of network devices
TL;DR: In this paper, a method of managing communications between a first system and the second system in a communication network, includes the steps of negotiating at least one cipher key (Ks) between the first and second systems, and communicating information between the two systems using the SNMP protocol and the cipher key.
Journal Article
Dragonblood: A Security Analysis of WPA3's SAE Handshake.
Mathy Vanhoef,Eyal Ronen +1 more
TL;DR: It is shown that WPA3’s Simultaneous Authentication of Equals (SAE) handshake, commonly known as Dragonfly, is affected by password partitioning attacks, and how to mitigate these attacks in a backwards-compatible manner is discussed.
Proceedings ArticleDOI
A simple three party password based key exchange protocol
TL;DR: A simple three-party password-based key exchange protocol without encrypton based on augmented password is proposed by this way that every client only shares a common password with a trusted server and any two clients can authenticate each other and negotiate a session key relying on the help of the trusted server.
References
More filters
Journal ArticleDOI
New Directions in Cryptography
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Journal ArticleDOI
A method for obtaining digital signatures and public-key cryptosystems
TL;DR: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key.
Journal ArticleDOI
A public key cryptosystem and a signature scheme based on discrete logarithms
TL;DR: A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem that relies on the difficulty of computing discrete logarithms over finite fields.
Book ChapterDOI
A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms
TL;DR: In this article, a new signature scheme is proposed together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem and the security of both systems relies on the difficulty of computing discrete logarithms over finite fields.
Book
Cryptography and data security
TL;DR: The goal of this book is to introduce the mathematical principles of data security and to show how these principles apply to operating systems, database systems, and computer networks.