Proceedings ArticleDOI

Encrypted key exchange: password-based protocols secure against dictionary attacks

04 May 1992-pp 72-84
TL;DR: A combination of asymmetric (public-key) and symmetric (secret-key) cryptography that allows two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced.
Abstract: Classic cryptographic protocols based on user-chosen keys allow an attacker to mount password-guessing attacks. A combination of asymmetric (public-key) and symmetric (secret-key) cryptography that allows two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced. In particular, a protocol relying on the counter-intuitive notion of using a secret key to encrypt a public key is presented. Such protocols are secure against active attacks, and have the property that the password is protected against offline dictionary attacks.

Citations
Journal ArticleDOI
TL;DR: This paper presents a three-factor mobile device-based remote authentication scheme, which tackled the security risk imposed by the loss of both password and mobile device, but is still vulnerable to the privileged insider attack, the replay attack, the impersonation attack, and the denial of service attack.
Abstract: The extensive application of mobile commerce has led researchers to design more secure protocols for mobile devices during the recent years. In 2011, Chen et al. proposed a three-factor mobile device-based remote authentication scheme, which tackled the security risk imposed by the loss of both password and mobile device. The scheme of Chen et al., however, is still vulnerable to the privileged insider attack, the replay attack, the impersonation attack, and the denial of service attack. It is not feasible for real-life implementation. Copyright © 2013 John Wiley & Sons, Ltd.

6 citations

Book ChapterDOI
01 Jan 2021
TL;DR: Wang et al., as mentioned in this paper, proposed a new VPAKE protocol based on lattices, which is constructed using a Chosen-Ciphertext Attack (CCA) secure public-key encryption scheme based on the learning with errors problem and an associated approximate smooth projective hash.
Abstract: Verifier-based Password Authenticated Key Exchange (VPAKE) protocol enables users to generate a session key over insecure channels, which can limit the impact of a server's information leakage. However, most existing VPAKE protocols are based on the integer factorization problem and the discrete logarithm problem; they cannot resist attack by quantum computers. In this chapter, we propose a new VPAKE protocol based on lattices. The protocol is constructed using a Chosen-Ciphertext Attack (CCA) secure public-key encryption scheme, which is based on the learning with errors problem and an associated approximate smooth projective hash. Furthermore, this protocol uses a new randomized password hashing scheme based on lattices. This scheme enables ASCII-based passwords and a zero-knowledge password policy check; it allows users to prove the compliance of their password without revealing any information. Meanwhile, through explicit mutual authentication between the users and the servers, the protocol can resist undetectable online dictionary attacks. We then prove the security of this protocol. Our new protocol only involves three-round interactions with mutual explicit authentication. In addition, it avoids the vulnerability of cryptosystems based on the integer factorization problem, and it is robust against quantum attacks.

6 citations

Book ChapterDOI
12 Sep 2013
TL;DR: Three-party, password-authenticated key exchange protocols where the trusted third party has a high-entropy private key to which corresponds a public key are studied to achieve resistance against key compromise impersonation and a special form of internal state revealing.
Abstract: We study three-party, password-authenticated key exchange protocols where the trusted third party has a high-entropy private key to which corresponds a public key. In this scenario we can maintain the user-friendliness of password authentication while provably achieving security properties that ordinary password-authenticated key exchange protocols cannot, namely resistance against key compromise impersonation and a special form of internal state revealing. We define security models tailored to our case and illustrate our work with several protocols.

6 citations

Dissertation
22 Sep 2008
TL;DR: Establishing a channel that efficiently guarantees authentication requires the use of many cryptographic tools; we study the security of several of them, which appear at different stages of the protocol that sets up the channel.
Abstract: Establishing a channel that efficiently guarantees authentication requires the use of many cryptographic tools. In this thesis, we study the security of several of them, which appear at different stages of the protocol that sets up the channel. First, we analyse two protocols which, chained together, establish an authenticated, confidential and integrity-protected channel: an authenticated key exchange algorithm and an authenticated encryption algorithm. The first algorithm generates keys by combining several means of authentication (biometrics, password, smart card). The second is a standardised algorithm called CCM. Second, we focus on the key extraction phase, the pivotal step between the key exchange and its use to establish a secure channel. We present a simple method for extracting a symmetric key from a Diffie-Hellman element, then analyse the use of HMAC as a key extraction function. Third, we turn our attention to hash functions, which are used at several levels of the protocol. More precisely, we analyse the security of a mode of operation based on a block cipher whose key is fixed, then we examine modes of operation that seek to guarantee optimal second-preimage security.

6 citations

01 Jan 1995
TL;DR: A definition for personal communication is given, some key problems to be solved in realizing PC are discussed, and some personal suggestions are given.
Abstract: This paper first gives a definition for personal communication,then discusses some key problems to be solved in realizing PC and lastly gives some personal suggestions.

6 citations

References
Journal ArticleDOI
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Abstract: Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.

14,980 citations


"Encrypted key exchange: password-ba..." refers background or methods in this paper

  • ...ElGamal’s algorithm is derived from the Diffie-Hellman exponential key exchange protocol[2]; accordingly, we will review the latter first....

  • ...And even this risk is minimal if B performs certain checks to guard against easily-solvable choices: that β is indeed prime, that it is large enough (and hence not susceptible to precalculation of tables), that β − 1 have at least one large prime factor (to guard against Pohlig and Hellman’s algorithm[13]), and that α is a primitive root of GF(β)....

  • ...The use given above for asymmetric encryption — simply using it to pass a key for a symmetric encryption system — is an example of what Diffie and Hellman[2] call a public key distribution system....

  • ...It works especially well with exponential key exchange [2]....

Journal ArticleDOI
TL;DR: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key.
Abstract: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key. This has two important consequences: (1) Couriers or other secure means are not needed to transmit keys, since a message can be enciphered using an encryption key publicly revealed by the intended recipient. Only he can decipher the message, since only he knows the corresponding decryption key. (2) A message can be “signed” using a privately held decryption key. Anyone can verify this signature using the corresponding publicly revealed encryption key. Signatures cannot be forged, and a signer cannot later deny the validity of his signature. This has obvious applications in “electronic mail” and “electronic funds transfer” systems. A message is encrypted by representing it as a number M, raising M to a publicly specified power e, and then taking the remainder when the result is divided by the publicly specified product, n, of two large secret prime numbers p and q. Decryption is similar; only a different, secret, power d is used, where e · d ≡ 1 (mod (p − 1) · (q − 1)). The security of the system rests in part on the difficulty of factoring the published divisor, n.

14,659 citations


"Encrypted key exchange: password-ba..." refers methods in this paper

  • ...Section 2 describes the asymmetric cryptosystem variant and implementations using RSA[3] and ElGamal[4]....

  • ...We will use RSA[3] to illustrate the difficulties....

Journal ArticleDOI
Taher Elgamal
23 Aug 1985
TL;DR: A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem that relies on the difficulty of computing discrete logarithms over finite fields.
Abstract: A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem. The security of both systems relies on the difficulty of computing discrete logarithms over finite fields.

7,514 citations

Book ChapterDOI
Taher Elgamal
19 Aug 1984
TL;DR: In this article, a new signature scheme is proposed together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem and the security of both systems relies on the difficulty of computing discrete logarithms over finite fields.
Abstract: A new signature scheme is proposed together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem. The security of both systems relies on the difficulty of computing discrete logarithms over finite fields.

2,351 citations

Book
01 Jan 1982
TL;DR: The goal of this book is to introduce the mathematical principles of data security and to show how these principles apply to operating systems, database systems, and computer networks.
Abstract: From the Preface (See Front Matter for full Preface) Electronic computers have evolved from exiguous experimental enterprises in the 1940s to prolific practical data processing systems in the 1980s. As we have come to rely on these systems to process and store data, we have also come to wonder about their ability to protect valuable data. Data security is the science and study of methods of protecting data in computer and communication systems from unauthorized disclosure and modification. The goal of this book is to introduce the mathematical principles of data security and to show how these principles apply to operating systems, database systems, and computer networks. The book is for students and professionals seeking an introduction to these principles. There are many references for those who would like to study specific topics further. Data security has evolved rapidly since 1975. We have seen exciting developments in cryptography: public-key encryption, digital signatures, the Data Encryption Standard (DES), key safeguarding schemes, and key distribution protocols. We have developed techniques for verifying that programs do not leak confidential data, or transmit classified data to users with lower security clearances. We have found new controls for protecting data in statistical databases--and new methods of attacking these databases. We have come to a better understanding of the theoretical and practical limitations to security.

1,937 citations


"Encrypted key exchange: password-ba..." refers background in this paper

  • ...Can such a random odd number less than a known n be distinguished from a valid public key e? Assume that p and q are chosen to be of the form 2p′ + 1 and 2q′ + 1, where p′ and q′ are primes, a choice that is recommended for other reasons [9]....
