Proceedings ArticleDOI

Encrypted key exchange: password-based protocols secure against dictionary attacks

04 May 1992-pp 72-84
TL;DR: A combination of asymmetric (public-key) and symmetric (secret-key) cryptography that allows two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced.
Abstract: Classic cryptographic protocols based on user-chosen keys allow an attacker to mount password-guessing attacks. A combination of asymmetric (public-key) and symmetric (secret-key) cryptography that allows two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced. In particular, a protocol relying on the counter-intuitive notion of using a secret key to encrypt a public key is presented. Such protocols are secure against active attacks, and have the property that the password is protected against offline dictionary attacks.

Citations
Proceedings ArticleDOI
24 Apr 2010
TL;DR: This paper presents an attack to illustrate that the adversary is able to masquerade as any user to access the server's service in their protocol once the long-term key of the server is compromised, and proposes an improved protocol to eliminate the security weakness existing in Yang et al.'s protocol.
Abstract: Most recently, Yang et al. proposed a new set of security requirements for two-factor smart-card-based password mutual authentication and then suggested a new scheme satisfying all their security requirements. In this paper, however, we first show one critical security weakness being overlooked, i.e., allowing key-compromise impersonation. We provide an attack to illustrate that the adversary is able to masquerade as any user to access the server's service in their protocol once the long-term key of the server is compromised. Thereafter, we suggest that key-compromise impersonation resilience should be added as one more important security requirement for two-factor smart-card-based password mutual authentication, and then propose an improved protocol to eliminate the security weakness existing in Yang et al.'s protocol.

13 citations


Cites background from "Encrypted key exchange: password-ba..."

  • ...Therefore, the goal of password-based protocols is to prevent off-line dictionary attacks and restrict the adversary’s success to on-line guessing attacks only....

Book ChapterDOI
25 Oct 2018
TL;DR: The Simple Password-Based Encrypted Key Exchange (SPAKE2) protocol of Abdalla and Pointcheval is being considered by the IETF for standardization and integration in TLS 1.3.
Abstract: Currently, the Simple Password-Based Encrypted Key Exchange (SPAKE2) protocol of Abdalla and Pointcheval (CT-RSA 2005) is being considered by the IETF for standardization and integration in TLS 1.3. Although it has been proven secure in the Find-then-Guess model of Bellare, Pointcheval and Rogaway (EUROCRYPT 2000), whether it satisfies some notion of forward secrecy remains an open question.

13 citations

Book ChapterDOI
TL;DR: Acar et al., as discussed by the authors, proposed a solution where offline dictionary attacks are impossible as long as the adversary does not corrupt both the login server and the storage provider, and the solution can be used to authenticate a user with a human-memorable low-entropy password.
Abstract: Passwords are the most widely used form of online user authentication. In a traditional setup, the user, who has a human-memorable low entropy password, wants to authenticate with a login server. Unfortunately, existing solutions in this setting are either non-portable or insecure against many attacks, including phishing, man-in-the-middle, honeypot, and offline dictionary attacks. Three previous studies (Acar et al. 2013, Bicakci et al. 2011, and Jarecki et al. 2016) provide solutions secure against offline dictionary attacks by additionally employing a storage provider (either a cloud storage or a mobile device for portability). These works provide solutions where offline dictionary attacks are impossible as long as the adversary does not corrupt both the login server and the storage provider.

13 citations

Proceedings ArticleDOI
13 Mar 2006
TL;DR: This work describes secure schemes which utilize auxiliary channels in addition to that afforded by the open medium of radio, and shows that auxiliary channels can reduce public-key operations, reduce computational complexity, and strengthen security against an active adversary on the open channel, and against an eavesdropper on the auxiliary channels.
Abstract: We consider group key agreement (GKA) protocols, used by a group of peers to establish a shared secret key for multicast communications. There has been much previous work to improve the security, efficiency and scalability of such protocols. In our work, we describe secure schemes which utilize auxiliary channels in addition to that afforded by the open medium of radio. Such channels are often present in a human-centric pervasive ad-hoc networking scenario, though often neglected. We show that auxiliary channels can reduce public-key operations, reduce computational complexity, and strengthen security against an active adversary on the open channel, and against an eavesdropper on the auxiliary channels. Group key agreement protocols are often contextualized by their topology. We applied multi-channel schemes to different topologies, and found that the ideal topology may be different for different channels.

13 citations


Cites background from "Encrypted key exchange: password-ba..."

  • ...Their first protocol is a multi-party extension of the 2-party EKE [4], and the group has a ‘star’ topology....

Book ChapterDOI
10 Sep 2015
TL;DR: A protocol combining a Physical Unclonable Function (PUF) with Password-based Authenticated Key Exchange (PAKE) provides mutual multifactor authentication between client and server and establishes a session key between the authenticated parties, important features that were not found simultaneously in the literature of PUF-based authentication.
Abstract: In this work we propose a protocol combining a Physical Unclonable Function (PUF) with Password-based Authenticated Key Exchange (PAKE). The resulting protocol provides mutual multifactor authentication between client and server and establishes a session key between the authenticated parties, important features that were not found simultaneously in the literature of PUF-based authentication. The combination can be adapted to support a panic password which allows the client to notify the server in case of emergency. Moreover, a novel protocol for two-factor transaction authentication is proposed. This ensures that only parties authenticated in the current session can realize valid bank transactions.

13 citations


Cites background or methods from "Encrypted key exchange: password-ba..."

  • ...The second part is flexible and can be performed by any secure PAKE [15,16,20]....

  • ...The first PAKEs arose in the 90s, with the Diffie-Hellman Encrypted Key Exchange (DH-EKE) protocol in 1992 [15] and the Simple Password Exponential Key Exchange (SPEKE) protocol in 1996 [16]....

References
Journal ArticleDOI
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Abstract: Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.

14,980 citations


"Encrypted key exchange: password-ba..." refers background or methods in this paper

  • ...ElGamal’s algorithm is derived from the Diffie-Hellman exponential key exchange protocol [2]; accordingly, we will review the latter first....

  • ...And even this risk is minimal if B performs certain checks to guard against easily-solvable choices: that β is indeed prime, that it is large enough (and hence not susceptible to precalculation of tables), that β − 1 have at least one large prime factor (to guard against Pohlig and Hellman’s algorithm [13]), and that α is a primitive root of GF(β)....

  • ...The use given above for asymmetric encryption — simply using it to pass a key for a symmetric encryption system — is an example of what Diffie and Hellman [2] call a public key distribution system....

  • ...It works especially well with exponential key exchange [2]....

Journal ArticleDOI
TL;DR: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key.
Abstract: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key. This has two important consequences: (1) Couriers or other secure means are not needed to transmit keys, since a message can be enciphered using an encryption key publicly revealed by the intended recipient. Only he can decipher the message, since only he knows the corresponding decryption key. (2) A message can be “signed” using a privately held decryption key. Anyone can verify this signature using the corresponding publicly revealed encryption key. Signatures cannot be forged, and a signer cannot later deny the validity of his signature. This has obvious applications in “electronic mail” and “electronic funds transfer” systems. A message is encrypted by representing it as a number M, raising M to a publicly specified power e, and then taking the remainder when the result is divided by the publicly specified product, n, of two large secret prime numbers p and q. Decryption is similar; only a different, secret, power d is used, where e * d ≡ 1 (mod (p - 1) * (q - 1)). The security of the system rests in part on the difficulty of factoring the published divisor, n.

14,659 citations


"Encrypted key exchange: password-ba..." refers methods in this paper

  • ...Section 2 describes the asymmetric cryptosystem variant and implementations using RSA [3] and ElGamal [4]....

  • ...We will use RSA [3] to illustrate the difficulties....

Journal ArticleDOI
Taher Elgamal
23 Aug 1985
TL;DR: A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem that relies on the difficulty of computing discrete logarithms over finite fields.
Abstract: A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem. The security of both systems relies on the difficulty of computing discrete logarithms over finite fields.

7,514 citations

Book ChapterDOI
Taher Elgamal
19 Aug 1984
TL;DR: In this article, a new signature scheme is proposed together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem; the security of both systems relies on the difficulty of computing discrete logarithms over finite fields.
Abstract: A new signature scheme is proposed together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem. The security of both systems relies on the difficulty of computing discrete logarithms over finite fields.

2,351 citations

Book
01 Jan 1982
TL;DR: The goal of this book is to introduce the mathematical principles of data security and to show how these principles apply to operating systems, database systems, and computer networks.
Abstract: From the Preface (See Front Matter for full Preface) Electronic computers have evolved from exiguous experimental enterprises in the 1940s to prolific practical data processing systems in the 1980s. As we have come to rely on these systems to process and store data, we have also come to wonder about their ability to protect valuable data. Data security is the science and study of methods of protecting data in computer and communication systems from unauthorized disclosure and modification. The goal of this book is to introduce the mathematical principles of data security and to show how these principles apply to operating systems, database systems, and computer networks. The book is for students and professionals seeking an introduction to these principles. There are many references for those who would like to study specific topics further. Data security has evolved rapidly since 1975. We have seen exciting developments in cryptography: public-key encryption, digital signatures, the Data Encryption Standard (DES), key safeguarding schemes, and key distribution protocols. We have developed techniques for verifying that programs do not leak confidential data, or transmit classified data to users with lower security clearances. We have found new controls for protecting data in statistical databases--and new methods of attacking these databases. We have come to a better understanding of the theoretical and practical limitations to security.

1,937 citations


"Encrypted key exchange: password-ba..." refers background in this paper

  • ...Can such a random odd number less than a known n be distinguished from a valid public key e? Assume that p and q are chosen to be of the form 2p′ + 1 and 2q′ + 1, where p′ and q′ are primes, a choice that is recommended for other reasons [9]....
