Proceedings ArticleDOI

Encrypted key exchange: password-based protocols secure against dictionary attacks

04 May 1992-pp 72-84
TL;DR: A combination of asymmetric (public-key) and symmetric (secret-key) cryptography that allows two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced.
Abstract: Classic cryptographic protocols based on user-chosen keys allow an attacker to mount password-guessing attacks. A combination of asymmetric (public-key) and symmetric (secret-key) cryptography that allows two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced. In particular, a protocol relying on the counter-intuitive notion of using a secret key to encrypt a public key is presented. Such protocols are secure against active attacks, and have the property that the password is protected against offline dictionary attacks.


Citations
Proceedings ArticleDOI
10 Jan 2014
TL;DR: In addition to analyzing the weakness of Song's scheme, an improved scheme preserving identity privacy is proposed.
Abstract: Recently, authentication schemes based on passwords have been used widely in network environments. They provide a convenient way for users to authenticate themselves to servers. Previously, Xu et al. proposed an improved smart card based password authentication scheme with provable security. Unfortunately, Song pointed out that their scheme cannot withstand impersonation attacks. Moreover, Song proposed two improved schemes to solve it, but his first scheme still cannot withstand impersonation attacks. This paper, in addition to analyzing the weakness of Song's scheme, also proposes an improved scheme preserving identity privacy.

8 citations


Cites background from "Encrypted key exchange: password-ba..."

  • ...It is called dictionary attack or password-guessing attack [14-15]....


Journal Article
TL;DR: A framework for distributed single passwords protocols (DiSPP) is introduced that analyzes existing protocols, improves upon them regarding novel constructions and distributed schemes, and allows exploiting alternative cryptographic primitives to obtain secure distributed single password protocols with various trade-offs.
Abstract: Passwords are the most widely used factor in various areas such as secret sharing, key establishment, and user authentication. Single password protocols are proposed (starting with Belenkiy et al. [4]) to overcome the challenges of traditional password protocols and provide provable security against offline dictionary, man-in-the-middle, phishing, and honeypot attacks. While they ensure provable security, they allow a user to securely use a single low-entropy human-memorable password for all her accounts. They achieve this with the help of a cloud or mobile storage device. However, an attacker corrupting both the login server and storage can mount an offline dictionary attack on the user's single password. In this work, we introduce a framework for distributed single password protocols (DiSPP) that analyzes existing protocols, improves upon them regarding novel constructions and distributed schemes, and allows exploiting alternative cryptographic primitives to obtain secure distributed single password protocols with various trade-offs. Previous single password solutions can be instantiated as part of our framework. We further introduce a secure DiSPP instantiation derived from our framework, forcing the adversary to corrupt several cloud and mobile storage devices in addition to the login server in order to perform a successful offline dictionary attack. We also provide a comparative analysis of different solutions derived from our framework.

8 citations


Cites background or methods from "Encrypted key exchange: password-ba..."

  • ...The user holding the secret S, password pwd and domain name of login server ls computes a PAKE protocol with the login server(s) [5,12,13,31,32,35,36], where each login server holds a verification information vInfoi and domain name ls (see Figure 2)....


  • ...In password authenticated key exchange, following registration, a user and a server wish to establish a session key for a secure and authenticated channel [5,12,13,35,36]....


Book ChapterDOI
TL;DR: Azarderakhsh et al. as mentioned in this paper presented two provably secure password-authenticated key exchange (PAKE) protocols based on a commutative group action, where each password bit is considered separately.
Abstract: We present two provably secure password-authenticated key exchange (PAKE) protocols based on a commutative group action. To date the most important instantiation of isogeny-based group actions is given by CSIDH. To model the properties more accurately, we extend the framework of cryptographic group actions (Alamati et al., ASIACRYPT 2020) by the ability of computing the quadratic twist of an elliptic curve. This property is always present in the CSIDH setting and turns out to be crucial in the security analysis of our PAKE protocols. Despite the resemblance, the translation of Diffie-Hellman based PAKE protocols to group actions either does not work with known techniques or is insecure ("How not to create an isogeny-based PAKE", Azarderakhsh et al., ACNS 2020). We overcome the difficulties mentioned in previous work by using a "bit-by-bit" approach, where each password bit is considered separately. Our first protocol $\mathsf{X\text{-}GA\text{-}PAKE}_\ell$ can be executed in a single round. Both parties need to send two set elements for each password bit in order to prevent offline dictionary attacks. The second protocol $\mathsf{Com\text{-}GA\text{-}PAKE}_\ell$ requires only one set element per password bit, but one party has to send a commitment on its message first. We also discuss different optimizations that can be used to reduce the computational cost. We provide comprehensive security proofs for our base protocols and deduce security for the optimized versions.

8 citations

Book ChapterDOI
09 May 2005
TL;DR: This scheme performs a dual authentication using a one-time shared authentication key and generates an encryption key which is used in a symmetric block cipher; it solves the problem of identity privacy as well as perfect forward secrecy for future data confidentiality.
Abstract: In order to exchange secure information over the Internet, it is necessary to provide a shared encryption key after dual authentication between the communicating parties for data confidentiality. To find an effective authenticated key exchange scheme, many researchers have studied improvements of the Diffie-Hellman key exchange scheme to overcome the weaknesses of computational complexity and man-in-the-middle attacks. This paper proposes an efficient authentication and key exchange scheme that does not use certificates and public key cryptography, while protecting against man-in-the-middle attacks, replay attacks, DoS attacks and privacy intrusion. This scheme performs a dual authentication using a one-time shared authentication key and generates an encryption key which is used in a symmetric block cipher. Our mechanism also includes a secure method that generates an initial seed for creating a one-time shared secret key. In addition, it solves the problem of identity privacy as well as perfect forward secrecy for future data confidentiality.

7 citations

Journal ArticleDOI
01 Jun 2013
TL;DR: This study aims to develop a robust system that can guarantee the user participation essential in the communication: if the involved participants cannot prove that they are human beings, the system terminates the connection to prevent the attack.
Abstract: How to provide confidential communications for involved users is always a critical challenge in designing a network system. Especially, people must face malicious attacks while surfing over an insecure network, such as brute force attacks, password guessing attacks, DoS attacks, masquerade attacks, replay attacks or Trojan horse risks. Surveying these attacks in more detail, the authors find that the intruder usually launches them through thousands of trials without interaction between the user and the server. Of course, these trials are performed via bots. Thus, this study aims to develop a robust system that can guarantee the user participation essential in the communication. That is, if the involved participants cannot prove that they are human beings, then the system will terminate the connection to prevent the attack. To achieve this, the authors apply the techniques of CAPTCHA and visual secret sharing in this system. Aside from proving the correctness of the authentication between the involved participants, the authors have conducted experiments to demonstrate the practicability of the proposed system.

7 citations

References
Journal ArticleDOI
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Abstract: Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.

14,980 citations


"Encrypted key exchange: password-ba..." refers background or methods in this paper

  • ...ElGamal's algorithm is derived from the Diffie-Hellman exponential key exchange protocol [2]; accordingly, we will review the latter first....


  • ...And even this risk is minimal if B performs certain checks to guard against easily-solvable choices: that β is indeed prime, that it is large enough (and hence not susceptible to precalculation of tables), that β − 1 has at least one large prime factor (to guard against Pohlig and Hellman's algorithm [13]), and that α is a primitive root of GF(β)....


  • ...The use given above for asymmetric encryption — simply using it to pass a key for a symmetric encryption system — is an example of what Diffie and Hellman[2] call a public key distribution system....


  • ...It works especially well with exponential key exchange [2]....


Journal ArticleDOI
TL;DR: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key.
Abstract: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key. This has two important consequences: (1) Couriers or other secure means are not needed to transmit keys, since a message can be enciphered using an encryption key publicly revealed by the intended recipient. Only he can decipher the message, since only he knows the corresponding decryption key. (2) A message can be "signed" using a privately held decryption key. Anyone can verify this signature using the corresponding publicly revealed encryption key. Signatures cannot be forged, and a signer cannot later deny the validity of his signature. This has obvious applications in "electronic mail" and "electronic funds transfer" systems. A message is encrypted by representing it as a number M, raising M to a publicly specified power e, and then taking the remainder when the result is divided by the publicly specified product, n, of two large secret prime numbers p and q. Decryption is similar; only a different, secret, power d is used, where e · d ≡ 1 (mod (p − 1)(q − 1)). The security of the system rests in part on the difficulty of factoring the published divisor, n.

14,659 citations


"Encrypted key exchange: password-ba..." refers methods in this paper

  • ...Section 2 describes the asymmetric cryptosystem variant and implementations using RSA [3] and ElGamal [4]....


  • ...We will use RSA [3] to illustrate the difficulties....


Journal ArticleDOI
Taher Elgamal
23 Aug 1985
TL;DR: A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem that relies on the difficulty of computing discrete logarithms over finite fields.
Abstract: A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem. The security of both systems relies on the difficulty of computing discrete logarithms over finite fields.

7,514 citations

Book ChapterDOI
Taher Elgamal
19 Aug 1984
TL;DR: In this article, a new signature scheme is proposed together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem and the security of both systems relies on the difficulty of computing discrete logarithms over finite fields.
Abstract: A new signature scheme is proposed together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem. The security of both systems relies on the difficulty of computing discrete logarithms over finite fields.

2,351 citations

Book
01 Jan 1982
TL;DR: The goal of this book is to introduce the mathematical principles of data security and to show how these principles apply to operating systems, database systems, and computer networks.
Abstract: From the Preface (See Front Matter for full Preface) Electronic computers have evolved from exiguous experimental enterprises in the 1940s to prolific practical data processing systems in the 1980s. As we have come to rely on these systems to process and store data, we have also come to wonder about their ability to protect valuable data. Data security is the science and study of methods of protecting data in computer and communication systems from unauthorized disclosure and modification. The goal of this book is to introduce the mathematical principles of data security and to show how these principles apply to operating systems, database systems, and computer networks. The book is for students and professionals seeking an introduction to these principles. There are many references for those who would like to study specific topics further. Data security has evolved rapidly since 1975. We have seen exciting developments in cryptography: public-key encryption, digital signatures, the Data Encryption Standard (DES), key safeguarding schemes, and key distribution protocols. We have developed techniques for verifying that programs do not leak confidential data, or transmit classified data to users with lower security clearances. We have found new controls for protecting data in statistical databases--and new methods of attacking these databases. We have come to a better understanding of the theoretical and practical limitations to security.

1,937 citations


"Encrypted key exchange: password-ba..." refers background in this paper

  • ...Can such a random odd number less than a known n be distinguished from a valid public key e? Assume that p and q are chosen to be of the form 2p′ + 1 and 2q′ + 1, where p′ and q′ are primes, a choice that is recommended for other reasons [9]....
