Encrypted key exchange: password-based protocols secure against dictionary attacks
04 May 1992-pp 72-84
TL;DR: A combination of asymmetric (public-key) and symmetric (secret- key) cryptography that allow two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced.
Abstract: Classic cryptographic protocols based on user-chosen keys allow an attacker to mount password-guessing attacks. A combination of asymmetric (public-key) and symmetric (secret-key) cryptography that allow two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced. In particular, a protocol relying on the counter-intuitive motion of using a secret key to encrypt a public key is presented. Such protocols are secure against active attacks, and have the property that the password is protected against offline dictionary attacks. >
Citations
More filters
TL;DR: A simple and efficient password-based encrypted key exchange protocol that allows a user to establish secure session keys with remote servers from client terminals in low resource environments.
Abstract: We presented a simple and efficient password-based encrypted key exchange protocol that allows a user to establish secure session keys with remote servers from client terminals in low resource environments. He does not need to carry smart card storing his private information but just needs to know his identity and password. For this purpose, the scheme was implemented over elliptic curves because of their well-known advantages with regard to processing and size constraints. Furthermore, the scheme is provably secure under the assumptions that the hash function closely behaves like a random oracle and that the elliptic curve computational Diffie-Hellman problem is difficult.
5 citations
20 Jul 2015
TL;DR: The Gateway Threshold PAKE is proposed, which is provably secure against this password guessing attack by also taking the corruption of authentication servers into consideration.
Abstract: Password-based Authenticated Key Exchange (PAKE) allows a server to authenticate a user and to establish a session key shared between the server and the user just by having memorable passwords. In PAKE, conventionally the server is assumed to have the authentication functionality and also provide on-line services simultaneously. However, in the real-life applications, this may not be the case, and the authentication server may be separate from on-line service providers. In such a case, there is a problem that a malicious service provider with no authentication functionality may be able to guess the passwords by interacting with other participants repeatedly. Abdalla et al. put forward a notion of the server password protection security to deal with this problem. However, their proposed schemes turned out to be vulnerable to Undetectable On-line Dictionary Attack (UDonDA). To cope with this situation, we propose the Gateway Threshold PAKE provably secure against this password guessing attack by also taking the corruption of authentication servers into consideration.
5 citations
13 Oct 2009
TL;DR: This may be a highly controversial talk, because this is an area where things are periodically rediscovered, but in the process of reinventing it, I think it's found a few interesting protocol issues, and a fewinteresting technological issues, which make it worth revisiting.
Abstract: This may be a highly controversial talk, because this is an area where things are periodically rediscovered. But in the process of reinventing it, I think we've found a few interesting protocol issues, and a few interesting technological issues, which make it worth revisiting.
5 citations
Cites methods from "Encrypted key exchange: password-ba..."
...In particular, schemes such as EKE [ 2 ,4] can be used to leverage the initial weak secret into a strong pseudo-random seed without fear that subsequent development of quantum computers (allowing the easy solution of discrete logarithm puzzles) will expose previously obtained vintage bit keys....
[...]
Posted Content•
TL;DR: In this paper, the problem of password authentication over an insecure network when the user holds only a human-memorizable password has received much attention in the literature, and the first rigorous treatment was provided by Halevi and Krawczyk, who studied off-line password guessing attacks in the scenario in which the authentication server possesses a pair of private and public keys.
Abstract: The problem of password authentication over an insecure network when the user holds only a human-memorizable password has received much attention in the literature. The first rigorous treatment was provided by Halevi and Krawczyk, who studied off-line password guessing attacks in the scenario in which the authentication server possesses a pair of private and public keys. In this work we: Show the inadequacy of both the HK formalization and protocol in the case where there is more than a single user: using a simple and realistic attack, we prove failure of the HK solution in the two-user case.Propose a new definition of security for the multi-user case, expressed in terms of transcripts of the entire system, rather than individual protocol executions.Suggest several ways of achieving this security against both static and dynamic adversaries.In a recent revision of their paper, Halevi and Krawczyk again attempted to handle the multi-user case. We expose a weakness in their revised definition.
5 citations
25 Aug 2008
TL;DR: A weak to strong authentication mechanism associated with a multiparty contributory key agreement method is introduced, designed for dynamic changing topologies, where nodes arrive and depart from a MANET at will.
Abstract: Mobile ad hoc networking is an operating mode for rapid mobile host interconnection, where nodes rely on each other, in order to maintain network connectivity and functionality Security is one of the main issues for mobile ad hoc networks (MANETs) deployment We introduce a weak to strong authentication mechanism associated with a multiparty contributory key agreement method, designed for dynamic changing topologies, where nodes arrive and depart from a MANET at will We introduce a new cube algorithm based on the body-centered cubic (BCC) structure The proposed system employs elliptic curve cryptography, which is more efficient for thin clients where processing power and energy are significant constraints The algorithm is designed for MANETs with dynamic changing topologies due to continuous flow of incoming and departing nodes
5 citations
References
More filters
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Abstract: Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
14,980 citations
"Encrypted key exchange: password-ba..." refers background or methods in this paper
...ElGamal’s algorithm is derived from the DiffieHellman exponential key exchange protocol[2]; accordingly, we will review the latter first....
[...]
...And even this risk is minimal if B performs certain checks to guard against easily-solvable choices: that β is indeed prime, that it is large enough (and hence not susceptible to precalculation of tables), that β − 1 have at least one large prime factor (to guard against Pohlig and Hellman’s algorithm[13]), and that α is a primitive root of GF (β)....
[...]
...The use given above for asymmetric encryption — simply using it to pass a key for a symmetric encryption system — is an example of what Diffie and Hellman[2] call a public key distribution system....
[...]
...It works especially well with exponential key exchange [2]....
[...]
TL;DR: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key.
Abstract: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key. This has two important consequences: (1) Couriers or other secure means are not needed to transmit keys, since a message can be enciphered using an encryption key publicly revealed by the intented recipient. Only he can decipher the message, since only he knows the corresponding decryption key. (2) A message can be “signed” using a privately held decryption key. Anyone can verify this signature using the corresponding publicly revealed encryption key. Signatures cannot be forged, and a signer cannot later deny the validity of his signature. This has obvious applications in “electronic mail” and “electronic funds transfer” systems. A message is encrypted by representing it as a number M, raising M to a publicly specified power e, and then taking the remainder when the result is divided by the publicly specified product, n, of two large secret primer numbers p and q. Decryption is similar; only a different, secret, power d is used, where e * d ≡ 1(mod (p - 1) * (q - 1)). The security of the system rests in part on the difficulty of factoring the published divisor, n.
14,659 citations
"Encrypted key exchange: password-ba..." refers methods in this paper
...Section 2 describes the asymmetric cryptosystem variant and implementations using RSA[ 3 ] and ElGamal[4]....
[...]
...We will use RSA[ 3 ] to illustrate the difficulties....
[...]
23 Aug 1985
TL;DR: A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem that relies on the difficulty of computing discrete logarithms over finite fields.
Abstract: A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem. The security of both systems relies on the difficulty of computing discrete logarithms over finite fields.
7,514 citations
19 Aug 1984
TL;DR: In this article, a new signature scheme is proposed together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem and the security of both systems relies on the difficulty of computing discrete logarithms over finite fields.
Abstract: A new signature scheme is proposed together with an implementation of the Diffie - Hellman key distribution scheme that achieves a public key cryptosystem. The security of both systems relies on the difficulty of computing discrete logarithms over finite fields.
2,351 citations
Book•
01 Jan 1982TL;DR: The goal of this book is to introduce the mathematical principles of data security and to show how these principles apply to operating systems, database systems, and computer networks.
Abstract: From the Preface (See Front Matter for full Preface)
Electronic computers have evolved from exiguous experimental enterprises in the 1940s to prolific practical data processing systems in the 1980s. As we have come to rely on these systems to process and store data, we have also come to wonder about their ability to protect valuable data.
Data security is the science and study of methods of protecting data in computer and communication systems from unauthorized disclosure and modification. The goal of this book is to introduce the mathematical principles of data security and to show how these principles apply to operating systems, database systems, and computer networks. The book is for students and professionals seeking an introduction to these principles. There are many references for those who would like to study specific topics further.
Data security has evolved rapidly since 1975. We have seen exciting developments in cryptography: public-key encryption, digital signatures, the Data Encryption Standard (DES), key safeguarding schemes, and key distribution protocols. We have developed techniques for verifying that programs do not leak confidential data, or transmit classified data to users with lower security clearances. We have found new controls for protecting data in statistical databases--and new methods of attacking these databases. We have come to a better understanding of the theoretical and practical limitations to security.
1,937 citations
"Encrypted key exchange: password-ba..." refers background in this paper
...Can such a random odd number less than a known n be distinguished from a valid public key e? Assume that p and q are chosen to be of the form 2p′ + 1 and 2q′ + 1, where p′ and q′ are primes, a choice that is recommended for other reasons [9]....
[...]