Encrypted key exchange: password-based protocols secure against dictionary attacks
Steven M. Bellovin,Michael Merritt +1 more
- pp 72-84
TLDR
A combination of asymmetric (public-key) and symmetric (secret- key) cryptography that allow two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced.Abstract:
Classic cryptographic protocols based on user-chosen keys allow an attacker to mount password-guessing attacks. A combination of asymmetric (public-key) and symmetric (secret-key) cryptography that allow two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced. In particular, a protocol relying on the counter-intuitive motion of using a secret key to encrypt a public key is presented. Such protocols are secure against active attacks, and have the property that the password is protected against offline dictionary attacks. >read more
Citations
More filters
Book ChapterDOI
Authenticated Key Exchange Protocol Secure against Offline Dictionary Attack and Server Compromise
TL;DR: This paper introduces a new scheme, called Augmented Password AKE (APAKE), for authenticated key exchange protocols, where a password is represented by a pair of values that is randomly selected in a huge space.
Book ChapterDOI
Usability of display-equipped RFID tags for security purposes
TL;DR: This paper focuses exclusively on techniques with user involvement for secure user-to-tag authentication, transaction verification, reader expiration and revocation checking, as well as association of RFID tags with other personal devices.
Proceedings ArticleDOI
What are multi-protocol guessing attacks and how to prevent them
Sreekanth Malladi,Jim Alves-Foss +1 more
TL;DR: A systematic procedure to analyze protocols subject to guessing attacks is developed and this procedure is used to derive some syntactic conditions to be followed, in order for a protocol to be secure against multi-protocol guessing attacks.
Book ChapterDOI
Post-Quantum Secure Remote Password Protocol from RLWE Problem
TL;DR: A RLWE-based SRP protocol (RLWE-SRP) which inherit advantages from SRP and elegant design from RLWE key exchange is proposed which is more than 3x faster than 112-bit secure originalSRP protocol, 5.5X faster than 80-bitSecure J-PAKE and 14x faster Than two 184-bit Secure RLWE -based PAKE protocols with more desired properties.
Book ChapterDOI
On the Provable Security of the Dragonfly Protocol
Jean Lancrenon,Marjan Skrobot +1 more
TL;DR: This paper proves the security of a very close variant of Dragonfly in the random oracle model, which shows in particular that Dragonfly's main flows - a kind of Diffie-Hellman variation with a password-derived base - are sound.
References
More filters
Journal ArticleDOI
New Directions in Cryptography
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Journal ArticleDOI
A method for obtaining digital signatures and public-key cryptosystems
TL;DR: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key.
Journal ArticleDOI
A public key cryptosystem and a signature scheme based on discrete logarithms
TL;DR: A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem that relies on the difficulty of computing discrete logarithms over finite fields.
Book ChapterDOI
A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms
TL;DR: In this article, a new signature scheme is proposed together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem and the security of both systems relies on the difficulty of computing discrete logarithms over finite fields.
Book
Cryptography and data security
TL;DR: The goal of this book is to introduce the mathematical principles of data security and to show how these principles apply to operating systems, database systems, and computer networks.