Proceedings ArticleDOI

Encrypted key exchange: password-based protocols secure against dictionary attacks

04 May 1992-pp 72-84
TL;DR: A combination of asymmetric (public-key) and symmetric (secret-key) cryptography that allow two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced.
Abstract: Classic cryptographic protocols based on user-chosen keys allow an attacker to mount password-guessing attacks. A combination of asymmetric (public-key) and symmetric (secret-key) cryptography that allow two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced. In particular, a protocol relying on the counter-intuitive notion of using a secret key to encrypt a public key is presented. Such protocols are secure against active attacks, and have the property that the password is protected against offline dictionary attacks.


Citations
Journal ArticleDOI
25 Sep 2014-Entropy
TL;DR: A system where the communicating parties do not authenticate one another is presented, and an authentication method based on zero-knowledge and elliptic curves is proposed, unlike the classic systems where he would need to authenticate himself to each receiver.
Abstract: In order to construct the border solutions for nonsupersingular elliptic curve equations, some commonly used models need to be adapted from linear treated cases for use in particular nonlinear cases. There are some approaches that conclude with these solutions. Optimization in this area means finding the majority of points on the elliptic curve and minimizing the time to compute the solution in contrast with the necessary time to compute the inverse solution. We can compute the positive solution of PDE (partial differential equation) like oscillations of $f(s)/s$ around the principal eigenvalue $\lambda_1$ of $-\Delta$ in $H_0^1(\Omega)$. Translating mathematics into cryptographic applications will be relevant in everyday life, wherein there are situations in which two parts that communicate need a third part to confirm this process. For example, if two persons want to agree on something they need an impartial person to confirm this agreement, like a notary. This third part does not influence in any way the communication process. It is just a witness to the agreement. We present a system where the communicating parties do not authenticate one another. Each party authenticates itself to a third part who also sends the keys for the encryption/decryption process. Another advantage of such a system is that if someone (sender) wants to transmit messages to more than one person (receivers), he needs only one authentication, unlike the classic systems where he would need to authenticate himself to each receiver. We propose an authentication method based on zero-knowledge and elliptic curves.

6 citations


Cites background from "Encrypted key exchange: password-ba..."

  • ...Such protocols were proposed by Bellovin and Merritt [2,3], Jablon [4] and Wu [5], among others....

    [...]

  • ..., xk are generated uniformly randomly from the interval [1, 2]...

    [...]

Journal ArticleDOI
Feng Hao
18 Oct 2021
TL;DR: The IETF PAKE selection process was discussed in this article, where the authors reflect on the IETF password authenticated key exchange (PAKE) selection process as a case study and summarize lessons in a set of principles with the hope of improving security standardization.
Abstract: From June 2019 to March 2020, IETF conducted a selection process to choose password authenticated key exchange (PAKE) protocols for standardization. Similar standardization efforts were conducted before by IEEE (P1362.2) and ISO/IEC (11770–4). An important hallmark for this IETF selection process is its openness: anyone can nominate any candidate; all reviews are public; and all email discussions on the IETF mailing lists are archived and publicly readable. However, despite the openness, it is unclear whether this IETF selection process has presented a successful model. Several important questions that were raised during the selection process remained unaddressed even after the two winners (CPace and OPAQUE) were announced. We reflect on the IETF PAKE selection process as a case study, and summarize lessons in a set of principles with the hope of improving security standardization in the future.

6 citations

Proceedings ArticleDOI
14 Nov 2011
TL;DR: The proposed TW-KEAP provides mutual authentication, replay attack protection and perfect forward secrecy, and has not only the shortest total service time but also the shortest queuing delay from the queuing model analyses, as compared with current alternatives.
Abstract: The key exchange protocol is the most important cryptography mechanism to protect end-to-end communications by the secret session key encryption. This paper focuses on the four-party key exchange protocol in an environment in which two clients (or UEs) are registered under two distinct servers. We propose a Three-Way Key Exchange and Agreement Protocol, denoted by TW-KEAP. It makes two communication parties have a secret session key to protect their subsequent communications in an efficient way, and intends the servers to involve with the key exchange procedure to derive the session key for the lawful interception support. Security analyses show that it provides mutual authentication, replay attack protection and perfect forward secrecy. Furthermore, the TW-KEAP has not only the shortest total service time based on the experimental results but also the shortest queuing delay from the queuing model analyses, as compared with current alternatives.

6 citations


Cites background from "Encrypted key exchange: password-ba..."

  • ...It makes two communication parties have a secret session key to protect their subsequent communications on an efficient way, and intends the servers to involve with the key exchange procedure to derive the session key for the lawful interception support....

    [...]

Journal ArticleDOI
01 Feb 2022-Sensors
TL;DR: L2Sec, a cryptographic protocol which is able to secure data exchanged over the IOTA Tangle, is presented, suitable for implementation on constrained devices, such as common IoT devices, leading to greater scalability.
Abstract: Internet-of-Things (IoT) and sensor technologies have enabled the collection of data in a distributed fashion for analysis and evidence-based decision making. However, security concerns regarding the source, confidentiality and integrity of the data arise. The most common method of protecting data transmission in sensor systems today is Transport Layer Security (TLS) or its datagram counterpart (DTLS), but there exists an alternative option based on Distributed Ledger Technology (DLT) that promises strong security, ease of use and potential for large scale integration of heterogeneous sensor systems. A DLT such as the IOTA Tangle offers great potential to improve sensor data exchange. This paper presents L2Sec, a cryptographic protocol which is able to secure data exchanged over the IOTA Tangle. This protocol is suitable for implementation on constrained devices, such as common IoT devices, leading to greater scalability. The first experimental results evidence the effectiveness of the approach and advocate for the integration of a hardware secure element to improve the overall security of the protocol. The L2Sec source code is released as an open source repository on GitHub.

6 citations

Journal ArticleDOI
TL;DR: This work exploits both delays and the non-destructive arbitration of CAN to achieve a secure key exchange and bootstrap secret keys by means of the guessing-resilient protocols, such as encrypted-key-exchange (EKE) and simple password exponential key exchange (SPEKE).
Abstract: There are dozens of proposals for securing the controller area network (CAN); however, only a few of them are concerned with how to share secret keys between CAN nodes. Recently, some works have used the non-destructive property of CAN arbitration in order to exchange a secret key and achieve information theoretic security for the key exchange. In our proposals, we exploit both delays and the non-destructive arbitration of CAN to achieve a secure key exchange. While our approach is less efficient when it comes to bandwidth, we do not require any kind of additional hardware and we build our implementation on the software layer which is accessible for any CAN-based application. To boost efficiency, we finally bootstrap secret keys by means of the guessing-resilient protocols, such as encrypted-key-exchange (EKE) and simple password exponential key exchange (SPEKE). In principle, a few dozen frames suffice for a secure key-exchange between two CAN nodes. We discuss several protocol versions and extensions for the case of more than two parties. We also present the experimental results on modern automotive-grade controllers to prove the performance of our solution.

6 citations


Cites methods from "Encrypted key exchange: password-ba..."

  • ...Here we turn this to our advantage by piggybacking frames with parts of a Diffie-Hellman [14] based keys shares of EKE [6]....

    [...]

  • ...The last two versions of our schemes: time-triggered minimax and the randomized delay key negotiation set room for piggybacking frames with parts of the keys that are shared via the Diffie-Hellman (DH) version of the Encrypted-Key-Exchange protocol (EKE) [6] and Simple Password Exponential Key Exchange (SPEKE) [22]....

    [...]

  • ...For the case of a stronger adversary, that has full control over the nodes, we later design a protocol that uses a weak existing secret along with the initial version of our schemes to securely exchange a session key based on guessing resilient protocol Encrypted Key Exchange (EKE) [5], [6]....

    [...]

References
Journal ArticleDOI
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Abstract: Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.

14,980 citations


"Encrypted key exchange: password-ba..." refers background or methods in this paper

  • ...ElGamal’s algorithm is derived from the Diffie-Hellman exponential key exchange protocol[2]; accordingly, we will review the latter first....

    [...]

  • ...And even this risk is minimal if B performs certain checks to guard against easily-solvable choices: that β is indeed prime, that it is large enough (and hence not susceptible to precalculation of tables), that β − 1 have at least one large prime factor (to guard against Pohlig and Hellman’s algorithm[13]), and that α is a primitive root of GF (β)....

    [...]

  • ...The use given above for asymmetric encryption — simply using it to pass a key for a symmetric encryption system — is an example of what Diffie and Hellman[2] call a public key distribution system....

    [...]

  • ...It works especially well with exponential key exchange [2]....

    [...]

Journal ArticleDOI
TL;DR: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key.
Abstract: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key. This has two important consequences: (1) Couriers or other secure means are not needed to transmit keys, since a message can be enciphered using an encryption key publicly revealed by the intended recipient. Only he can decipher the message, since only he knows the corresponding decryption key. (2) A message can be “signed” using a privately held decryption key. Anyone can verify this signature using the corresponding publicly revealed encryption key. Signatures cannot be forged, and a signer cannot later deny the validity of his signature. This has obvious applications in “electronic mail” and “electronic funds transfer” systems. A message is encrypted by representing it as a number M, raising M to a publicly specified power e, and then taking the remainder when the result is divided by the publicly specified product, n, of two large secret prime numbers p and q. Decryption is similar; only a different, secret, power d is used, where e * d ≡ 1 (mod (p - 1) * (q - 1)). The security of the system rests in part on the difficulty of factoring the published divisor, n.

14,659 citations


"Encrypted key exchange: password-ba..." refers methods in this paper

  • ...Section 2 describes the asymmetric cryptosystem variant and implementations using RSA[3] and ElGamal[4]....

    [...]

  • ...We will use RSA[3] to illustrate the difficulties....

    [...]

Journal ArticleDOI
Taher Elgamal
23 Aug 1985
TL;DR: A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem that relies on the difficulty of computing discrete logarithms over finite fields.
Abstract: A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem. The security of both systems relies on the difficulty of computing discrete logarithms over finite fields.

7,514 citations

Book ChapterDOI
Taher Elgamal
19 Aug 1984
TL;DR: In this article, a new signature scheme is proposed together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem and the security of both systems relies on the difficulty of computing discrete logarithms over finite fields.
Abstract: A new signature scheme is proposed together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem. The security of both systems relies on the difficulty of computing discrete logarithms over finite fields.

2,351 citations

Book
01 Jan 1982
TL;DR: The goal of this book is to introduce the mathematical principles of data security and to show how these principles apply to operating systems, database systems, and computer networks.
Abstract: From the Preface (See Front Matter for full Preface) Electronic computers have evolved from exiguous experimental enterprises in the 1940s to prolific practical data processing systems in the 1980s. As we have come to rely on these systems to process and store data, we have also come to wonder about their ability to protect valuable data. Data security is the science and study of methods of protecting data in computer and communication systems from unauthorized disclosure and modification. The goal of this book is to introduce the mathematical principles of data security and to show how these principles apply to operating systems, database systems, and computer networks. The book is for students and professionals seeking an introduction to these principles. There are many references for those who would like to study specific topics further. Data security has evolved rapidly since 1975. We have seen exciting developments in cryptography: public-key encryption, digital signatures, the Data Encryption Standard (DES), key safeguarding schemes, and key distribution protocols. We have developed techniques for verifying that programs do not leak confidential data, or transmit classified data to users with lower security clearances. We have found new controls for protecting data in statistical databases--and new methods of attacking these databases. We have come to a better understanding of the theoretical and practical limitations to security.

1,937 citations


"Encrypted key exchange: password-ba..." refers background in this paper

  • ...Can such a random odd number less than a known n be distinguished from a valid public key e? Assume that p and q are chosen to be of the form 2p′ + 1 and 2q′ + 1, where p′ and q′ are primes, a choice that is recommended for other reasons [9]....

    [...]