Encrypted key exchange: password-based protocols secure against dictionary attacks
Steven M. Bellovin,Michael Merritt +1 more
- pp 72-84
TLDR
A combination of asymmetric (public-key) and symmetric (secret- key) cryptography that allow two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced.Abstract:
Classic cryptographic protocols based on user-chosen keys allow an attacker to mount password-guessing attacks. A combination of asymmetric (public-key) and symmetric (secret-key) cryptography that allow two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced. In particular, a protocol relying on the counter-intuitive motion of using a secret key to encrypt a public key is presented. Such protocols are secure against active attacks, and have the property that the password is protected against offline dictionary attacks. >read more
Citations
More filters
DissertationDOI
A security framework for mobile health data collection.
TL;DR: The SecourHealth is presented, a security framework for mHealth data collection applications designed to cope with six main security requirements, and the framework modeling and development steps showing how it was integrated into an application for the Android platform are described.
Journal ArticleDOI
Password-Authenticated Decentralized Identities
TL;DR: In this article, the authors proposed Password-authenticated Decentralized Identities (PDIDs), an identity and authentication framework where users can register their self-sovereign username-password pairs and use them as universal credentials.
Journal ArticleDOI
Security Proofs for Protocols Involving Humans
Kenneth Radke,Colin Boyd +1 more
TL;DR: The notion of human-followable security wherein a human user can understand the process and logic behind cryptographic authentication protocols is introduced and it is proved that this transformation turns protocols secure in the sense of Jager et al. into protocolsSecure in the extended model.
Proceedings ArticleDOI
State-of-the-art, challenges and open issues in integrating security and privacy in P2P content distribution systems
TL;DR: A survey of integration components (i.e. content protection and privacy-preservation techniques) and recent proposals of P2P content distribution systems that incorporates both integrants are presented and different challenges and open research issues are pointed out.
Book ChapterDOI
Software-Only Two-Factor Authentication Secure Against Active Servers
TL;DR: This work proposes a two-factor password-based authentication protocol where no information about the password leak from the server's side nor from the client's side, and where the password is not sent to the server when the user authenticates.
References
More filters
Journal ArticleDOI
New Directions in Cryptography
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Journal ArticleDOI
A method for obtaining digital signatures and public-key cryptosystems
TL;DR: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key.
Journal ArticleDOI
A public key cryptosystem and a signature scheme based on discrete logarithms
TL;DR: A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem that relies on the difficulty of computing discrete logarithms over finite fields.
Book ChapterDOI
A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms
TL;DR: In this article, a new signature scheme is proposed together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem and the security of both systems relies on the difficulty of computing discrete logarithms over finite fields.
Book
Cryptography and data security
TL;DR: The goal of this book is to introduce the mathematical principles of data security and to show how these principles apply to operating systems, database systems, and computer networks.