Encrypted key exchange: password-based protocols secure against dictionary attacks
Steven M. Bellovin,Michael Merritt +1 more
- pp 72-84
Reads0
Chats0
TLDR
A combination of asymmetric (public-key) and symmetric (secret- key) cryptography that allow two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced.Abstract:
Classic cryptographic protocols based on user-chosen keys allow an attacker to mount password-guessing attacks. A combination of asymmetric (public-key) and symmetric (secret-key) cryptography that allow two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced. In particular, a protocol relying on the counter-intuitive motion of using a secret key to encrypt a public key is presented. Such protocols are secure against active attacks, and have the property that the password is protected against offline dictionary attacks. >read more
Citations
More filters
Journal ArticleDOI
A compiler for analyzing cryptographic protocols using noninterference
TL;DR: In this paper, the authors propose a protocol specification language more abstract than SPA, called VSP, and a compiler CVS that automatically generates the SPA specification for a given protocol described in VSP.
Journal ArticleDOI
Simple password-based three-party authenticated key exchange without server public keys
Tian-Fu Lee,Tzonelih Hwang +1 more
TL;DR: This study presents two novel, simple and efficient three-party authenticated key exchange protocols that provide explicit server authentication and implicit server authentication, and have proven secure in the random oracle model.
Dissertation
Sécurité des protocoles cryptographiques : aspects logiques et calculatoires
TL;DR: Dans ce cadre, nous montrons que sous certaines conditions simples, toute preuve logique d'equivalence statique implique d’indistinguibilite cryptographique des donnees modelisees en particulier au chiffrement and auxDonnees vulnerables aux attaques par dictionnaire.
Journal ArticleDOI
Efficient Three-Party Authentication and Key Agreement Protocols Resistant to Password Guessing Attacks
TL;DR: A verifier-based three-party EKE that is more secure than a plaintext-equivalent mechanism in which a compromise of the server's database will not result in success in directly impersonating clients.
Patent
Method and apparatus for entity authentication and key distribution secure against off-line adversarial attacks
TL;DR: In this paper, the authors describe a method for substantially concurrently performing entity authentication operations and short-lived secret key distribution operations over an insecure communication channel between communication partners, wherein authenticity of communication partners is determined by possession of the long-lived shared secret key.
References
More filters
Journal ArticleDOI
New Directions in Cryptography
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Journal ArticleDOI
A method for obtaining digital signatures and public-key cryptosystems
TL;DR: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key.
Journal ArticleDOI
A public key cryptosystem and a signature scheme based on discrete logarithms
TL;DR: A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem that relies on the difficulty of computing discrete logarithms over finite fields.
Book ChapterDOI
A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms
TL;DR: In this article, a new signature scheme is proposed together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem and the security of both systems relies on the difficulty of computing discrete logarithms over finite fields.
Book
Cryptography and data security
TL;DR: The goal of this book is to introduce the mathematical principles of data security and to show how these principles apply to operating systems, database systems, and computer networks.