Encrypted key exchange: password-based protocols secure against dictionary attacks
Steven M. Bellovin,Michael Merritt +1 more
- pp 72-84
TLDR
A combination of asymmetric (public-key) and symmetric (secret- key) cryptography that allow two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced.Abstract:
Classic cryptographic protocols based on user-chosen keys allow an attacker to mount password-guessing attacks. A combination of asymmetric (public-key) and symmetric (secret-key) cryptography that allow two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced. In particular, a protocol relying on the counter-intuitive motion of using a secret key to encrypt a public key is presented. Such protocols are secure against active attacks, and have the property that the password is protected against offline dictionary attacks. >read more
Citations
More filters
Journal ArticleDOI
Quantum-Safe Round-Optimal Password Authentication for Mobile Devices
TL;DR: This article resorts tosmooth projective hash functions, which enable the server to store a hash of the user's password with a random salt, providing guarantees that the user’s password is never transmitted in plain-text to the server when login.
Book ChapterDOI
Password-based encryption analyzed
Martín Abadi,Bogdan Warinschi +1 more
TL;DR: It is proved that symbolically secure uses of passwords are also computationally secure, and under certain (standard) assumptions about the computational implementation of the cryptographic primitives, symbolic equivalence implies computational equivalence.
Proceedings ArticleDOI
T2Pair: Secure and Usable Pairing for Heterogeneous IoT Devices
TL;DR: A pairing protocol using faithful fuzzy commitment is designed, and a prototype system named Touch-to-Pair (T2Pair, for short) is built that is secure and usable and reveals an inaccuracy issue in original fuzzy commitment.
Book ChapterDOI
Design and analysis of password-based key derivation functions
F. Frances Yao,Yiqun Lisa Yin +1 more
TL;DR: This correspondence proposes a general security framework for password-based KDFs and introduces two security definitions each capturing a different attacking scenario and proposes a new password- based KDF that is provably secure even when the adversary has full control of the parameters.
Journal ArticleDOI
2PAKEP: Provably Secure and Efficient Two-Party Authenticated Key Exchange Protocol for Mobile Environment
TL;DR: A secure and efficient two-party authentication key exchange protocol, called 2PAKEP, that hides user’s real identity from an adversary using a secret parameter and also withstands various attacks, guarantees anonymity, and provides efficient password change mechanism and secure mutual authentication.
References
More filters
Journal ArticleDOI
New Directions in Cryptography
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Journal ArticleDOI
A method for obtaining digital signatures and public-key cryptosystems
TL;DR: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key.
Journal ArticleDOI
A public key cryptosystem and a signature scheme based on discrete logarithms
TL;DR: A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem that relies on the difficulty of computing discrete logarithms over finite fields.
Book ChapterDOI
A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms
TL;DR: In this article, a new signature scheme is proposed together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem and the security of both systems relies on the difficulty of computing discrete logarithms over finite fields.
Book
Cryptography and data security
TL;DR: The goal of this book is to introduce the mathematical principles of data security and to show how these principles apply to operating systems, database systems, and computer networks.