Proceedings ArticleDOI

Encrypted key exchange: password-based protocols secure against dictionary attacks

04 May 1992, pp. 72-84
TL;DR: A combination of asymmetric (public-key) and symmetric (secret-key) cryptography that allows two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced.
Abstract: Classic cryptographic protocols based on user-chosen keys allow an attacker to mount password-guessing attacks. A combination of asymmetric (public-key) and symmetric (secret-key) cryptography that allows two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced. In particular, a protocol relying on the counter-intuitive notion of using a secret key to encrypt a public key is presented. Such protocols are secure against active attacks, and have the property that the password is protected against offline dictionary attacks.


Citations
01 Jan 2008
TL;DR: This work revisits the security requirements of BKGs and shows that common arguments overlook practical subtleties, and proposes an algorithm that probabilistically enumerates the key space of a BKG to find a target user's key.
Abstract: Humans are unable to generate and remember strong secrets, and thus have difficulty managing cryptographic keys. To address this problem, numerous proposals have been suggested to enable people to reliably generate high-entropy cryptographic keys from measurements of their physiology or behavior. Typically, evaluators argue that these Biometric Cryptographic Key Generators (BKGs) achieve some notion of security, for example, that the biometric input resists forgery, or that the keys have high entropy. Unfortunately, despite these arguments, many BKGs succumb to attacks in practice. The goal of this work is to understand why typical security arguments fail to identify practical attacks. We revisit the security requirements of BKGs and show that common arguments overlook practical subtleties. We provide examples of such oversights by examining three general classes of adversaries. First, we study the impact of humans who can replicate other users' biometrics with high accuracy, and demonstrate why typical evaluation techniques fail to identify these forgers. Second, we explore Generative techniques that combine information about a target user with population statistics to create forgeries. We show that these forgeries can subvert BKGs with high likelihood. Third, we propose an algorithm that probabilistically enumerates the key space of a BKG to find a target user's key. We analyze two BKGs, and show that for each, our algorithm has at least a 15% chance of predicting ostensibly 40-bit keys on its first guess. Our exposition brings to the forefront practical ways of thinking about BKG security, and provides a framework for evaluators to study BKGs with adversarial techniques. Finally, we present Randomized Biometric Templates (RBTs), a BKG that outputs keys with at least as much entropy as keys derived from passwords. RBTs extract entropy not only from biometric inputs, but also from a novel source: how these inputs are measured. 
Analysis with our strengthened evaluation techniques shows that for some users, RBTs result in dramatically stronger keys. In our experiments, 40% of the users were able to generate keys that were at least 230 times stronger than keys derived from passwords alone.

11 citations

Journal ArticleDOI
TL;DR: This paper first constructs a basic protocol SAPAKE by using the homomorphic encryption scheme and an auxiliary memory device, and refines it by removing the use of the memory device to gain an enhanced extension SAPAKE+ without increasing the resource consumption.
Abstract: Anonymous password authenticated key exchange (APAKE) protocols allow the server to authenticate its clients without revealing their identities. In this paper, we first construct a basic protocol SAPAKE by using the homomorphic encryption scheme and an auxiliary memory device. Compared with the previous ones, SAPAKE is more suitable for those privacy-sensitive applications (e.g., cloud computing) where reducing server payload and improving user experience are both essential. Furthermore, we refine SAPAKE by removing the use of the memory device to gain an enhanced extension SAPAKE+ without increasing the resources consumption. SAPAKE+ achieves better user-friendliness than SAPAKE while it requires publishing more public parameters. Both of our protocols are practical due to their low (computation and communication) resources consumption and better user-friendliness, and achieve provable security in the random oracle model. Copyright © 2012 John Wiley & Sons, Ltd.

11 citations

Proceedings ArticleDOI
21 Nov 2007
TL;DR: A new function to adjust the contention window (CW) in 802.11 ad hoc networks in order to extend the DCF to alleviate the delay, collisions and the packet loss rate and increase the throughput by decreasing collisions when the loads of the network is under heavy loads and collisions among nodes are frequent.
Abstract: The primary medium access control (MAC) technique of IEEE 802.11 is called Distributed Coordination Function (DCF), which is adaptive for low traffic loads and nodes' density. However, this does not hold when the traffic loads are high. This paper proposes a new function to adjust the contention window (CW) in 802.11 ad hoc networks in order to extend the DCF. Our goal is to alleviate the delay, collisions and the packet loss rate and increase the throughput by decreasing collisions when the network is under heavy loads and collisions among nodes are frequent. The contribution of our proposed algorithm, which takes consideration of nodes' density and data rate and can be adaptively adjusted based on the recent network conditions, is to smooth the collision through tuning the contention window. The performances of the IEEE 802.11 DCF, enhanced with our adaptation function, are extensively evaluated. The experiment results indicate that our proposed scheme outperforms the 802.11 DCF standards in terms of packet delay, throughput, packet loss rate and collisions. The delay decreases by up to 23.97%, total throughput increases up to 14.77%, collisions decrease at least 3.43% and loss rate is 27.12% lower.

11 citations

Proceedings ArticleDOI
29 Jun 2010
TL;DR: This paper proposes a new scheme, enabling a user to use the same password over multiple service servers, and is password-only, and slightly more efficient than the latest two-server password based authentication scheme.
Abstract: The two-server model is quite promising for password based authentication, well suited for the setting of federated enterprises. However, none of the existing two-server password based authentication schemes enables a user to use the same password over multiple service servers, which is deemed an important feature of the two-server model. In this paper, we propose a new scheme, enabling this prominent functionality. Our proposed scheme is password-only, and slightly more efficient than the latest two-server password based authentication scheme.

11 citations


Dissertation
01 Jan 2015
TL;DR: Security and Privacy of Biomedical Cyber-Physical Systems: Advances in Information Security and Privacy, 2nd Ed.
Abstract: Security and Privacy of Biomedical Cyber-Physical Systems

11 citations


Cites background from "Encrypted key exchange: password-ba..."

  • ...Additionally, alphanumerical passwords may have limited possible password spaces, and may thus be vulnerable to dictionary and brute force search attacks [36, 178]....


References
Journal ArticleDOI
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Abstract: Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.

14,980 citations


"Encrypted key exchange: password-ba..." refers background or methods in this paper

  • ...ElGamal's algorithm is derived from the Diffie-Hellman exponential key exchange protocol[2]; accordingly, we will review the latter first....

  • ...And even this risk is minimal if B performs certain checks to guard against easily-solvable choices: that β is indeed prime, that it is large enough (and hence not susceptible to precalculation of tables), that β − 1 have at least one large prime factor (to guard against Pohlig and Hellman's algorithm[13]), and that α is a primitive root of GF (β)....

  • ...The use given above for asymmetric encryption — simply using it to pass a key for a symmetric encryption system — is an example of what Diffie and Hellman[2] call a public key distribution system....

  • ...It works especially well with exponential key exchange [2]....

Journal ArticleDOI
TL;DR: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key.
Abstract: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key. This has two important consequences: (1) Couriers or other secure means are not needed to transmit keys, since a message can be enciphered using an encryption key publicly revealed by the intended recipient. Only he can decipher the message, since only he knows the corresponding decryption key. (2) A message can be "signed" using a privately held decryption key. Anyone can verify this signature using the corresponding publicly revealed encryption key. Signatures cannot be forged, and a signer cannot later deny the validity of his signature. This has obvious applications in "electronic mail" and "electronic funds transfer" systems. A message is encrypted by representing it as a number M, raising M to a publicly specified power e, and then taking the remainder when the result is divided by the publicly specified product, n, of two large secret prime numbers p and q. Decryption is similar; only a different, secret, power d is used, where e * d ≡ 1 (mod (p - 1) * (q - 1)). The security of the system rests in part on the difficulty of factoring the published divisor, n.

14,659 citations


"Encrypted key exchange: password-ba..." refers methods in this paper

  • ...Section 2 describes the asymmetric cryptosystem variant and implementations using RSA[3] and ElGamal[4]....

  • ...We will use RSA[3] to illustrate the difficulties....

Journal ArticleDOI
Taher Elgamal
23 Aug 1985
TL;DR: A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem that relies on the difficulty of computing discrete logarithms over finite fields.
Abstract: A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem. The security of both systems relies on the difficulty of computing discrete logarithms over finite fields.

7,514 citations

Book ChapterDOI
Taher Elgamal
19 Aug 1984
TL;DR: In this article, a new signature scheme is proposed together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem and the security of both systems relies on the difficulty of computing discrete logarithms over finite fields.
Abstract: A new signature scheme is proposed together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem. The security of both systems relies on the difficulty of computing discrete logarithms over finite fields.

2,351 citations

Book
01 Jan 1982
TL;DR: The goal of this book is to introduce the mathematical principles of data security and to show how these principles apply to operating systems, database systems, and computer networks.
Abstract: From the Preface (See Front Matter for full Preface) Electronic computers have evolved from exiguous experimental enterprises in the 1940s to prolific practical data processing systems in the 1980s. As we have come to rely on these systems to process and store data, we have also come to wonder about their ability to protect valuable data. Data security is the science and study of methods of protecting data in computer and communication systems from unauthorized disclosure and modification. The goal of this book is to introduce the mathematical principles of data security and to show how these principles apply to operating systems, database systems, and computer networks. The book is for students and professionals seeking an introduction to these principles. There are many references for those who would like to study specific topics further. Data security has evolved rapidly since 1975. We have seen exciting developments in cryptography: public-key encryption, digital signatures, the Data Encryption Standard (DES), key safeguarding schemes, and key distribution protocols. We have developed techniques for verifying that programs do not leak confidential data, or transmit classified data to users with lower security clearances. We have found new controls for protecting data in statistical databases--and new methods of attacking these databases. We have come to a better understanding of the theoretical and practical limitations to security.

1,937 citations


"Encrypted key exchange: password-ba..." refers background in this paper

  • ...Can such a random odd number less than a known n be distinguished from a valid public key e? Assume that p and q are chosen to be of the form 2p′ + 1 and 2q′ + 1, where p′ and q′ are primes, a choice that is recommended for other reasons [9]....
