Proceedings ArticleDOI

Encrypted key exchange: password-based protocols secure against dictionary attacks

04 May 1992-pp 72-84
TL;DR: A combination of asymmetric (public-key) and symmetric (secret-key) cryptography that allows two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced.
Abstract: Classic cryptographic protocols based on user-chosen keys allow an attacker to mount password-guessing attacks. A combination of asymmetric (public-key) and symmetric (secret-key) cryptography that allows two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced. In particular, a protocol relying on the counter-intuitive notion of using a secret key to encrypt a public key is presented. Such protocols are secure against active attacks, and have the property that the password is protected against offline dictionary attacks.


Citations
Proceedings ArticleDOI
Ao Guo, Jianhua Ma
28 Dec 2015
TL;DR: This research is focused on personal data management and personality analysis in a smartphone based client-server system that functions as not only a source of personal data but also a gateway to manage other wearables and communicate with a server that keeps personal data in a larger amount and a longer period.
Abstract: The data from or about an individual, called personal data, is continuously increasing due to the popularity of smartphones, wearables and other ubiquitous devices. Such personal data can be used to model a user and even digitally clone a person, e.g., Cyber-I (cyber individual), which aims at creating a unique and comprehensive description for every individual to support various personalized services and applications. Due to the heterogeneity and sensitivity of personal data, one important issue is how to effectively collect and manage personal data with sufficient security protection. Another important issue is how to figure out an individual's character, i.e., personality, from personal data. Therefore, this research is focused on personal data management and personality analysis in a smartphone-based client-server system. The smartphone functions not only as a source of personal data but also as a gateway to manage other wearables and communicate with a server that keeps personal data in a larger amount and for a longer period. A multi-security mechanism is implemented to ensure data security in collection, transmission and storage. Personality analysis proceeds from data normalization, feature extraction and clustering to personality computation based on sociological personality theories.

13 citations


Cites methods from "Encrypted key exchange: password-ba..."

  • ...It supports client-server communications using standard Internet protocols such as HTTPS and FTP, and some special protocol such as DSR (Data Segment Resolution) protocol to distinguish operation, personal data and security information, and EKE (Encrypted Key Exchange) protocol for password authentication [17]....


Book ChapterDOI
01 Mar 2010
TL;DR: The proposed security architecture consists of dynamic key management, user-oriented group key management, authentication and authorization management and sensitive information management, which guarantee the security of the three major components of sensitive information systems.
Abstract: Protecting sensitive information is a growing concern around the globe. Securing critical data in all sectors, including the business, healthcare and military sectors, has become the first priority of sensitive information management. Failing to protect this asset results in high costs and, more importantly, can also result in lost customer and investor confidence and even threaten national security. Sensitive information systems consist of three major components: communication channel, user interface and sensitive information storage; the protection of these three components equates to the protection of sensitive information itself. Previous research in this area has been limited due to the employment of long-term shared keys and public keys. Currently, no complete security solution exists to help protect sensitive information in the three components. Issues such as dynamic sensitive information ownership, group authentication and authorization and privacy protection also create challenges for the protection of sensitive information systems. The research described in this thesis is based on dynamic key theory and group key theory to present a novel security architecture to enable sensitive information systems to overcome these challenges and meet the desired security goals for the three major components. The proposed security architecture consists of dynamic key management, user-oriented group key management, authentication and authorization management and sensitive information management, which guarantee the security of the three major components of sensitive information systems. Because of the lack of assessment properties in information security models, a new sensitive information security model is also presented in this thesis to evaluate the effectiveness of the security architecture. This model proves that the security architecture satisfies the security goals. It can also be used to assess other security architectures, and thus makes a valuable contribution to the field of sensitive information systems security. In summary, the proposed security architecture offers unique features necessary for the security of sensitive information systems. It also overcomes the limitations associated with existing security approaches and enables the complete protection of the three major components of sensitive information systems.

13 citations

Book ChapterDOI
15 Dec 2005
TL;DR: This paper presents concrete countermeasures for two malicious insider attacks, and modifies the two group Diffie-Hellman key exchange protocols to be secure against malicious insider password guessing attacks.
Abstract: Very recently, Byun and Lee suggested two provably secure group Diffie-Hellman key exchange protocols using n participants' distinct passwords. Unfortunately, the schemes were found to be flawed by Tang and Chen. They presented two password guessing attacks, namely off-line and undetectable on-line dictionary attacks by a malicious insider attacker. In this paper, we present concrete countermeasures for the two malicious insider attacks, and modify the two group Diffie-Hellman key exchange protocols to be secure against malicious insider password guessing attacks. Our countermeasures do not require additional round costs, hence they are efficient.

13 citations

Journal Article
TL;DR: In this paper, the authors present session-key generation protocols in a model where the legitimate parties share only a human-memorizable password, and the security guarantee holds with respect to probabilistic polynomial-time adversaries that control the communication channel (between the parties), and may omit, insert and modify messages at their choice.
Abstract: We present session-key generation protocols in a model where the legitimate parties share only a human-memorizable password. The security guarantee holds with respect to probabilistic polynomial-time adversaries that control the communication channel (between the parties), and may omit, insert and modify messages at their choice. Loosely speaking, the effect of such an adversary that attacks an execution of our protocol is comparable to an attack in which an adversary is only allowed to make a constant number of queries of the form "is w the password of Party A?". We stress that the result holds also in case the passwords are selected at random from a small dictionary so that it is feasible (for the adversary) to scan the entire dictionary. We note that prior to our result, it was not clear whether or not such protocols were attainable without the use of random oracles or additional setup assumptions.

13 citations

Proceedings ArticleDOI
23 Jul 2014
TL;DR: With MVSec, this work proposes novel approaches to secure vehicle-to-mobile communication tailored specifically for vehicular environments and presents novel security protocols and complete implementation and user study results.
Abstract: With the increasing popularity of mobile devices, drivers and passengers will naturally want to connect their devices to their cars. Malicious entities can and likely will try to attack such systems in order to compromise other vehicular components or eavesdrop on privacy-sensitive information. It is imperative, therefore, to address security concerns from the onset of these technologies. While guaranteeing secure wireless vehicle-to-mobile communication is crucial to the successful integration of mobile devices in vehicular environments, usability is of equally critical importance. With MVSec, we propose novel approaches to secure vehicle-to-mobile communication tailored specifically for vehicular environments. We present novel security protocols and provide complete implementation and user study results.

13 citations


Cites methods from "Encrypted key exchange: password-ba..."

  • ...MVSec-I: Protocol using EKE 1....


  • ...A conventional EKE scheme allows two participating entities to use a shared low-entropy password to derive a temporary shared key that can be used to authenticate the key exchange messages....


  • ...We use a variant of the EKE scheme by treating a short shared secret Ks (20 bits) as a low entropy password....


  • ...This protocol makes use of the Encrypted Key Exchange (EKE) [4] and is depicted in Figure 1....


References
Journal ArticleDOI
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Abstract: Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.

14,980 citations


"Encrypted key exchange: password-ba..." refers background or methods in this paper

  • ...ElGamal's algorithm is derived from the Diffie-Hellman exponential key exchange protocol[2]; accordingly, we will review the latter first....


  • ...And even this risk is minimal if B performs certain checks to guard against easily-solvable choices: that β is indeed prime, that it is large enough (and hence not susceptible to precalculation of tables), that β − 1 have at least one large prime factor (to guard against Pohlig and Hellman's algorithm[13]), and that α is a primitive root of GF(β)....


  • ...The use given above for asymmetric encryption — simply using it to pass a key for a symmetric encryption system — is an example of what Diffie and Hellman[2] call a public key distribution system....


  • ...It works especially well with exponential key exchange [2]....


Journal ArticleDOI
TL;DR: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key.
Abstract: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key. This has two important consequences: (1) Couriers or other secure means are not needed to transmit keys, since a message can be enciphered using an encryption key publicly revealed by the intended recipient. Only he can decipher the message, since only he knows the corresponding decryption key. (2) A message can be "signed" using a privately held decryption key. Anyone can verify this signature using the corresponding publicly revealed encryption key. Signatures cannot be forged, and a signer cannot later deny the validity of his signature. This has obvious applications in "electronic mail" and "electronic funds transfer" systems. A message is encrypted by representing it as a number M, raising M to a publicly specified power e, and then taking the remainder when the result is divided by the publicly specified product, n, of two large secret prime numbers p and q. Decryption is similar; only a different, secret, power d is used, where e · d ≡ 1 (mod (p − 1)(q − 1)). The security of the system rests in part on the difficulty of factoring the published divisor, n.

14,659 citations


"Encrypted key exchange: password-ba..." refers methods in this paper

  • ...Section 2 describes the asymmetric cryptosystem variant and implementations using RSA[3] and ElGamal[4]....


  • ...We will use RSA[3] to illustrate the difficulties....


Journal ArticleDOI
Taher Elgamal
23 Aug 1985
TL;DR: A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem that relies on the difficulty of computing discrete logarithms over finite fields.
Abstract: A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem. The security of both systems relies on the difficulty of computing discrete logarithms over finite fields.

7,514 citations

Book ChapterDOI
Taher Elgamal
19 Aug 1984
TL;DR: In this article, a new signature scheme is proposed together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem and the security of both systems relies on the difficulty of computing discrete logarithms over finite fields.
Abstract: A new signature scheme is proposed together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem. The security of both systems relies on the difficulty of computing discrete logarithms over finite fields.

2,351 citations

Book
01 Jan 1982
TL;DR: The goal of this book is to introduce the mathematical principles of data security and to show how these principles apply to operating systems, database systems, and computer networks.
Abstract: From the Preface (see Front Matter for the full Preface). Electronic computers have evolved from exiguous experimental enterprises in the 1940s to prolific practical data processing systems in the 1980s. As we have come to rely on these systems to process and store data, we have also come to wonder about their ability to protect valuable data. Data security is the science and study of methods of protecting data in computer and communication systems from unauthorized disclosure and modification. The goal of this book is to introduce the mathematical principles of data security and to show how these principles apply to operating systems, database systems, and computer networks. The book is for students and professionals seeking an introduction to these principles. There are many references for those who would like to study specific topics further. Data security has evolved rapidly since 1975. We have seen exciting developments in cryptography: public-key encryption, digital signatures, the Data Encryption Standard (DES), key safeguarding schemes, and key distribution protocols. We have developed techniques for verifying that programs do not leak confidential data, or transmit classified data to users with lower security clearances. We have found new controls for protecting data in statistical databases, and new methods of attacking these databases. We have come to a better understanding of the theoretical and practical limitations to security.

1,937 citations


"Encrypted key exchange: password-ba..." refers background in this paper

  • ...Can such a random odd number less than a known n be distinguished from a valid public key e? Assume that p and q are chosen to be of the form 2p′ + 1 and 2q′ + 1, where p′ and q′ are primes, a choice that is recommended for other reasons [9]....
