scispace - formally typeset
Search or ask a question
Proceedings ArticleDOI

Encrypted key exchange: password-based protocols secure against dictionary attacks

04 May 1992-pp 72-84
TL;DR: A combination of asymmetric (public-key) and symmetric (secret- key) cryptography that allow two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced.
Abstract: Classic cryptographic protocols based on user-chosen keys allow an attacker to mount password-guessing attacks. A combination of asymmetric (public-key) and symmetric (secret-key) cryptography that allow two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced. In particular, a protocol relying on the counter-intuitive motion of using a secret key to encrypt a public key is presented. Such protocols are secure against active attacks, and have the property that the password is protected against offline dictionary attacks. >

Content maybe subject to copyright    Report

Citations
More filters
Proceedings ArticleDOI
01 Aug 2018
TL;DR: AuthStore as discussed by the authors is a flexible authentication framework that allows users to securely reuse passwords for authentication as well as for encrypted cloud storage at a single or multiple service providers by using password stretching techniques.
Abstract: Passwords are widely used for client to server authentication as well as for encrypting data stored in untrusted environments, such as cloud storage. Both, authentication and encrypted cloud storage, are usually discussed in isolation. In this work, we propose AuthStore, a flexible authentication framework that allows users to securely reuse passwords for authentication as well as for encrypted cloud storage at a single or multiple service providers. Users can configure how secure passwords are protected using password stretching techniques. We present a compact password-authenticated key exchange protocol (CompactPAKE) that integrates the retrieval of password stretching parameters. A parameter attack is described and we show how existing solutions suffer from this attack. Furthermore, we introduce a password manager that supports CompactPAKE.

5 citations

Journal ArticleDOI
TL;DR: The paper identifies the idle fields in TCP/IP and ICMP messages and proposes the use of a stateless model to protect against the misuse of these unused fields and presents the advantages of using a statelessly model over firewalls and IDS.
Abstract: The use of malicious communication channels is becoming an integral part of malicious software agents and tools including those employed for remote access tools and distributed denial of service tools. These malicious software agents use the unused fields of ICMP and TCP/IP packets to establish malicious communication channels. Since TCP/IP comprises 96% of the traffic, the paper identifies the idle fields in TCP/IP and ICMP messages and proposes the use of a stateless model to protect against the misuse of these unused fields. This paper also presents the advantages of using a stateless model over firewalls and IDS. The proposed modifications are recommended highly for the end hosts and it has been shown that the proposed modifications are computationally inexpensive.

5 citations


Cites background from "Encrypted key exchange: password-ba..."

  • ...The paper ends with the conclusions drawn from the test bed implementation....

    [...]

Book ChapterDOI
22 Mar 2009
TL;DR: This paper presents an efficient solution to the group key exchange problem in the password-based scenario which allows users to securely join and leave the group at any time--the so-called dynamic case.
Abstract: This paper presents an efficient solution to the group key exchange problem in the password-based scenario. Our scheme can combine existing group protocols to get a hybrid group key exchange protocol which is efficient in terms of both computation and communication when the number of group users is very large. Our solution allows users to securely join and leave the group at any time--the so-called dynamic case. Moreover, we prove its security in the random oracle model.

5 citations

01 Jan 2006
TL;DR: This work presents the Instant Messaging Key Exchange (IMKE) protocol as a step towards secure IM, and based on the implementation of IMKE using the Jab- ber protocol, provides insights on how IMKE may be integrated with popular IM protocols.
Abstract: Although Instant Messaging (IM) services are now relatively long-standing and very popular as an instant way of communication over the Internet, they have received little attention from the security research community. Despite important dierences distinguishing IM from other Internet applications, very few protocols have been designed to address the unique security issues of IM. In light of threats to existing IM net- works, we present the Instant Messaging Key Exchange (IMKE) protocol as a step towards secure IM. A discussion of IM threat model assump- tions and an analysis of IMKE relative to these using BAN-like logic is also provided. Based on our implementation of IMKE using the Jab- ber protocol, we provide insights on how IMKE may be integrated with popular IM protocols.

5 citations

Journal Article
TL;DR: This work presents a countermeasure for the SCA based on re-keying technique to prevent the repeated use of the device secret key for encryption and signing and recommends a modification in the existing U2F protocol to minimise the effect of signing with the fixed attestation private key.
Abstract: The Universal 2nd Factor (U2F) protocol is an open authentication standard to strengthen the two-factor authentication process. It augments the existing password based infrastructure by using a specialized USB, termed as the U2F authenticator, as the 2nd factor. The U2F authenticator is assigned two fixed keys at the time of manufacture, namely the device secret key and the attestation private key. These secret keys are later used by the U2F authenticator during the Registration phase to encrypt and digitally sign data that will help in proper validation of the user and the web server. However, the use of fixed keys for the above processing leaks information through side channel about both the secrets. In this work we show why the U2F protocol is not secure against side channel attacks (SCA). We then present a countermeasure for the SCA based on re-keying technique to prevent the repeated use of the device secret key for encryption and signing. We also recommend a modification in the existing U2F protocol to minimise the effect of signing with the fixed attestation private key. Incorporating our proposed countermeasure and recommended modification, we then present a new variant of the U2F protocol that has improved security guarantees. We also briefly explain how the side channel attacks on the U2F protocol and the corresponding proposed countermeasures are similarly applicable to Universal Authentication Framework (UAF) protocol.

5 citations

References
More filters
Journal ArticleDOI
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Abstract: Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.

14,980 citations


"Encrypted key exchange: password-ba..." refers background or methods in this paper

  • ...ElGamal’s algorithm is derived from the DiffieHellman exponential key exchange protocol[2]; accordingly, we will review the latter first....

    [...]

  • ...And even this risk is minimal if B performs certain checks to guard against easily-solvable choices: that β is indeed prime, that it is large enough (and hence not susceptible to precalculation of tables), that β − 1 have at least one large prime factor (to guard against Pohlig and Hellman’s algorithm[13]), and that α is a primitive root of GF (β)....

    [...]

  • ...The use given above for asymmetric encryption — simply using it to pass a key for a symmetric encryption system — is an example of what Diffie and Hellman[2] call a public key distribution system....

    [...]

  • ...It works especially well with exponential key exchange [2]....

    [...]

Journal ArticleDOI
TL;DR: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key.
Abstract: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key. This has two important consequences: (1) Couriers or other secure means are not needed to transmit keys, since a message can be enciphered using an encryption key publicly revealed by the intented recipient. Only he can decipher the message, since only he knows the corresponding decryption key. (2) A message can be “signed” using a privately held decryption key. Anyone can verify this signature using the corresponding publicly revealed encryption key. Signatures cannot be forged, and a signer cannot later deny the validity of his signature. This has obvious applications in “electronic mail” and “electronic funds transfer” systems. A message is encrypted by representing it as a number M, raising M to a publicly specified power e, and then taking the remainder when the result is divided by the publicly specified product, n, of two large secret primer numbers p and q. Decryption is similar; only a different, secret, power d is used, where e * d ≡ 1(mod (p - 1) * (q - 1)). The security of the system rests in part on the difficulty of factoring the published divisor, n.

14,659 citations


"Encrypted key exchange: password-ba..." refers methods in this paper

  • ...Section 2 describes the asymmetric cryptosystem variant and implementations using RSA[ 3 ] and ElGamal[4]....

    [...]

  • ...We will use RSA[ 3 ] to illustrate the difficulties....

    [...]

Journal ArticleDOI
Taher Elgamal1
23 Aug 1985
TL;DR: A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem that relies on the difficulty of computing discrete logarithms over finite fields.
Abstract: A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem. The security of both systems relies on the difficulty of computing discrete logarithms over finite fields.

7,514 citations

Book ChapterDOI
Taher Elgamal1
19 Aug 1984
TL;DR: In this article, a new signature scheme is proposed together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem and the security of both systems relies on the difficulty of computing discrete logarithms over finite fields.
Abstract: A new signature scheme is proposed together with an implementation of the Diffie - Hellman key distribution scheme that achieves a public key cryptosystem. The security of both systems relies on the difficulty of computing discrete logarithms over finite fields.

2,351 citations

Book
01 Jan 1982
TL;DR: The goal of this book is to introduce the mathematical principles of data security and to show how these principles apply to operating systems, database systems, and computer networks.
Abstract: From the Preface (See Front Matter for full Preface) Electronic computers have evolved from exiguous experimental enterprises in the 1940s to prolific practical data processing systems in the 1980s. As we have come to rely on these systems to process and store data, we have also come to wonder about their ability to protect valuable data. Data security is the science and study of methods of protecting data in computer and communication systems from unauthorized disclosure and modification. The goal of this book is to introduce the mathematical principles of data security and to show how these principles apply to operating systems, database systems, and computer networks. The book is for students and professionals seeking an introduction to these principles. There are many references for those who would like to study specific topics further. Data security has evolved rapidly since 1975. We have seen exciting developments in cryptography: public-key encryption, digital signatures, the Data Encryption Standard (DES), key safeguarding schemes, and key distribution protocols. We have developed techniques for verifying that programs do not leak confidential data, or transmit classified data to users with lower security clearances. We have found new controls for protecting data in statistical databases--and new methods of attacking these databases. We have come to a better understanding of the theoretical and practical limitations to security.

1,937 citations


"Encrypted key exchange: password-ba..." refers background in this paper

  • ...Can such a random odd number less than a known n be distinguished from a valid public key e? Assume that p and q are chosen to be of the form 2p′ + 1 and 2q′ + 1, where p′ and q′ are primes, a choice that is recommended for other reasons [9]....

    [...]