Proceedings ArticleDOI

Encrypted key exchange: password-based protocols secure against dictionary attacks

04 May 1992-pp 72-84
TL;DR: A combination of asymmetric (public-key) and symmetric (secret-key) cryptography that allows two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced.
Abstract: Classic cryptographic protocols based on user-chosen keys allow an attacker to mount password-guessing attacks. A combination of asymmetric (public-key) and symmetric (secret-key) cryptography that allows two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced. In particular, a protocol relying on the counter-intuitive notion of using a secret key to encrypt a public key is presented. Such protocols are secure against active attacks, and have the property that the password is protected against offline dictionary attacks.


Citations
Book ChapterDOI
20 Mar 2017
TL;DR: It is found that because this second style of protocol relies on long term state, it is harder to make them auditable, and that doing so requires developing new ideas on how to approximate fair exchange without a TTP.
Abstract: Roscoe recently showed how HISPs, a class of protocol to allow humans to contribute to the creation of secure authentic channels between them, can be made auditable in the sense that a failed attack on them cannot be disguised as communication failure. In this paper we study the same issue for PAKEs: password authenticated key exchange protocols. We find that because this second style of protocol relies on long term state, it is harder to make them auditable, and that to do so we have to develop new ideas on how to approximate fair exchange without a TTP.

11 citations


Cites methods from "Encrypted key exchange: password-ba..."

  • ...The original EKE, [2], is essentially Diffie-Hellman with the DH terms encrypted with a symmetric key s∗ derived from the shared password s using a public, deterministic function f, s∗ = f(s):...

    [...]

  • ...SPEKE (Simple Password Exponential Key Establishment) SPEKE, [6], is essentially a D-H protocol but with the difference that the generator is not fixed and public but rather is computed as an agreed function of the shared secret s, for example: h(s) := (H(s))^2 (mod p). The squaring guarantees that g lies in the appropriate subgroup assuming that we are assuming a safe prime p where p = 2q − 1 with q also prime....

    [...]

  • ...PAKE key establishment EKE (Encrypted Key Exchange) The original EKE, [2], is essentially Diffie-Hellman with the DH terms encrypted with a symmetric key s∗ derived from the shared password s using a public, deterministic function f, s∗ = f(s): A → B : {g^x}_{s∗}, B → A : {g^y}_{s∗}. The session key is formed as K = g^{xy}....

    [...]

Proceedings ArticleDOI
TL;DR: Two schemes to enhance verification performance in a biometric cryptosystem using password that can resist a password brute-force search if biometrics are not compromised are presented.
Abstract: In this paper, we propose a way to combine a password with a speech biometric cryptosystem. We present two schemes to enhance verification performance in a biometric cryptosystem using password. Both can resist a password brute-force search if biometrics are not compromised. Even if the biometrics are compromised, attackers have to spend many more attempts in searching for cryptographic keys when we compare ours with a traditional password-based approach. In addition, the experimental results show that the verification performance is significantly improved.

11 citations


Cites background from "Encrypted key exchange: password-ba..."

  • ...Their construction follows the approach similar to [2] where a low-entropy password is used to encrypt a high-entropy string....

    [...]

Book ChapterDOI
15 Dec 2005
TL;DR: It is shown that a feature in the Bluetooth standard provides a pragmatic and costless protocol that can eventually repair privateless associations, thanks to mobility, and proves the pragmatic security of the Bluetooth pairing protocol when repairing is used.
Abstract: Despite many good (secure) key agreement protocols based on public-key cryptography exist, secure associations between two wireless devices are often established using symmetric-key cryptography for cost reasons. The consequence is that common daily used security protocols such as Bluetooth pairing are insecure in the sense that an adversary can easily extract the main private key from the protocol communications. Nevertheless, we show that a feature in the Bluetooth standard provides a pragmatic and costless protocol that can eventually repair privateless associations, thanks to mobility. This proves (in the random oracle model) the pragmatic security of the Bluetooth pairing protocol when repairing is used.

11 citations

Book ChapterDOI
Sarvar Patel
17 Aug 1998
TL;DR: This work presents a different OTASP scheme for each of the following assumptions: 1) availability of a land line, 2) public key of a CA in the handset, 3) weak secret shared by the mobile user and the network, and 4) secret of the mobile users which can only be verified by the network.
Abstract: Mobile users should be able to buy their handsets and then get service from any service provider without physically taking the handset to the provider's location or manually entering long keys and parameters into the handset. This capability to activate and provision the handset remotely is part of the current North American wireless standards and is referred to as 'over the air service provisioning' (OTASP). We examine current proposals and point out some of their limitations. Often the knowledge shared between the mobile user and the network is not fully specified and hence not exploited. We depart from this norm by first providing a classification of various sharing of secrets and secondly we make explicit the assumed shared knowledge and use it to construct various schemes for OTASP. We present a different OTASP scheme for each of the following assumptions: 1) availability of a land line, 2) public key of a CA in the handset, 3) weak secret shared by the mobile user and the network, and 4) secret of the mobile user which can only be verified by the network.

11 citations


Cites background from "Encrypted key exchange: password-ba..."

  • ...There has been some advance towards password protocols resistant to off-line dictionary attacks [10], [3], and [9]....

    [...]

  • ...Bellovin and Merritt [3] made similar protocols called Encrypted Key Exchange (EKE) for two party authentication and key exchange using passwords and still had protection against dictionary attacks....

    [...]

  • ...Some countermeasures are available [3], [11]....

    [...]

Journal ArticleDOI
TL;DR: A new strong zero knowledge authentication system based on virtual passwords (SAVP) based on salts generated by a cryptographically secure random regenerator, algorithm for dynamic rotation of binary strings, symmetric cryptography primitive, one-way hash function and random nonce to provide mutual authentication.
Abstract: Currently, the security of the users' privacy in public spaces has more concerns especially in web applications. Also, the unconsciousness of users by the importance of the quality cryptographic of these authentication parameters makes their commoditized accounts. Hence, investment in the computer discipline becomes more demanding to prevent potential attacks. In this paper, we introduce a new strong zero knowledge authentication system based on virtual passwords (SAVP). Its objective of this paper is to ensure the identification of users on the network by ensuring intractability, portability, unpredictability, integrity and reusability of their authentication settings. In the second section, we study the difficulties and users habits followed in the selection, storage or memorizing passwords, as well, the evolution and the limits of all categories of texture password authentication. Also, we locate the importance of integration of salts in authentication mechanisms and their impacts on the robustness of passwords regenerated. As for the third section, we start with a detail description of all mechanisms and component contributing to the robustness of our mutual authentication system. Our goal is to provide a strong zero knowledge authentication system based on salts generated by a cryptographically secure random regenerator, algorithm for dynamic rotation of binary strings, symmetric cryptography primitive, one-way hash function and random nonce to provide mutual authentication. The security analysis of our proposal, which is the goal of the fourth section, shows their ability to resist against multiple types of attacks.

11 citations


Cites background from "Encrypted key exchange: password-ba..."

  • ...At present, they are three strong alternative password authentication systems: Onetime Passwords [2, 13], Object Passwords [16] and Virtual Passwords [14, 29]....

    [...]

  • ...Bellovin and Merrit [2], proposed a protocol for exchange of encrypted keys (EKE) and then its extension, which allows preventing the dictionary attacks and the compromise of password files....

    [...]

References
Journal ArticleDOI
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Abstract: Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.

14,980 citations


"Encrypted key exchange: password-ba..." refers background or methods in this paper

  • ...ElGamal’s algorithm is derived from the Diffie-Hellman exponential key exchange protocol[2]; accordingly, we will review the latter first....

    [...]

  • ...And even this risk is minimal if B performs certain checks to guard against easily-solvable choices: that β is indeed prime, that it is large enough (and hence not susceptible to precalculation of tables), that β − 1 have at least one large prime factor (to guard against Pohlig and Hellman’s algorithm[13]), and that α is a primitive root of GF (β)....

    [...]

  • ...The use given above for asymmetric encryption — simply using it to pass a key for a symmetric encryption system — is an example of what Diffie and Hellman[2] call a public key distribution system....

    [...]

  • ...It works especially well with exponential key exchange [2]....

    [...]

Journal ArticleDOI
TL;DR: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key.
Abstract: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key. This has two important consequences: (1) Couriers or other secure means are not needed to transmit keys, since a message can be enciphered using an encryption key publicly revealed by the intended recipient. Only he can decipher the message, since only he knows the corresponding decryption key. (2) A message can be “signed” using a privately held decryption key. Anyone can verify this signature using the corresponding publicly revealed encryption key. Signatures cannot be forged, and a signer cannot later deny the validity of his signature. This has obvious applications in “electronic mail” and “electronic funds transfer” systems. A message is encrypted by representing it as a number M, raising M to a publicly specified power e, and then taking the remainder when the result is divided by the publicly specified product, n, of two large secret prime numbers p and q. Decryption is similar; only a different, secret, power d is used, where e * d ≡ 1 (mod (p - 1) * (q - 1)). The security of the system rests in part on the difficulty of factoring the published divisor, n.

14,659 citations


"Encrypted key exchange: password-ba..." refers methods in this paper

  • ...Section 2 describes the asymmetric cryptosystem variant and implementations using RSA[3] and ElGamal[4]....

    [...]

  • ...We will use RSA[3] to illustrate the difficulties....

    [...]

Journal ArticleDOI
Taher Elgamal
23 Aug 1985
TL;DR: A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem that relies on the difficulty of computing discrete logarithms over finite fields.
Abstract: A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem. The security of both systems relies on the difficulty of computing discrete logarithms over finite fields.

7,514 citations

Book ChapterDOI
Taher Elgamal
19 Aug 1984
TL;DR: In this article, a new signature scheme is proposed together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem and the security of both systems relies on the difficulty of computing discrete logarithms over finite fields.
Abstract: A new signature scheme is proposed together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem. The security of both systems relies on the difficulty of computing discrete logarithms over finite fields.

2,351 citations

Book
01 Jan 1982
TL;DR: The goal of this book is to introduce the mathematical principles of data security and to show how these principles apply to operating systems, database systems, and computer networks.
Abstract: From the Preface (See Front Matter for full Preface) Electronic computers have evolved from exiguous experimental enterprises in the 1940s to prolific practical data processing systems in the 1980s. As we have come to rely on these systems to process and store data, we have also come to wonder about their ability to protect valuable data. Data security is the science and study of methods of protecting data in computer and communication systems from unauthorized disclosure and modification. The goal of this book is to introduce the mathematical principles of data security and to show how these principles apply to operating systems, database systems, and computer networks. The book is for students and professionals seeking an introduction to these principles. There are many references for those who would like to study specific topics further. Data security has evolved rapidly since 1975. We have seen exciting developments in cryptography: public-key encryption, digital signatures, the Data Encryption Standard (DES), key safeguarding schemes, and key distribution protocols. We have developed techniques for verifying that programs do not leak confidential data, or transmit classified data to users with lower security clearances. We have found new controls for protecting data in statistical databases--and new methods of attacking these databases. We have come to a better understanding of the theoretical and practical limitations to security.

1,937 citations


"Encrypted key exchange: password-ba..." refers background in this paper

  • ...Can such a random odd number less than a known n be distinguished from a valid public key e? Assume that p and q are chosen to be of the form 2p′ + 1 and 2q′ + 1, where p′ and q′ are primes, a choice that is recommended for other reasons [9]....

    [...]