Encrypted key exchange: password-based protocols secure against dictionary attacks
04 May 1992-pp 72-84
TL;DR: A combination of asymmetric (public-key) and symmetric (secret- key) cryptography that allow two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced.
Abstract: Classic cryptographic protocols based on user-chosen keys allow an attacker to mount password-guessing attacks. A combination of asymmetric (public-key) and symmetric (secret-key) cryptography that allow two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced. In particular, a protocol relying on the counter-intuitive motion of using a secret key to encrypt a public key is presented. Such protocols are secure against active attacks, and have the property that the password is protected against offline dictionary attacks. >
Citations
More filters
13 Nov 2009
TL;DR: Tru wallet provides strong protection for users' credentials and sensitive data by cryptographically binding them to the user's platform configuration based on Trusted Computing technology, and an automated login procedure where the server is authenticated independently from (SSL) certificates, thus limiting the possibility of attacks based on hijacked certificates.
Abstract: Identity theft has fostered to a major security problem on the Internet, in particular stealing passwords for web applications through phishing and malware. We present TruWallet, a wallet-based authentication tool that improves previous solutions for protecting web-based authentication. In contrast to other wallet-based solutions, TruWallet provides (i) strong protection for users' credentials and sensitive data by cryptographically binding them to the user's platform configuration based on Trusted Computing technology, (ii) an automated login procedure where the server is authenticated independently from (SSL) certificates, thus limiting the possibility of attacks based on hijacked certificates and allowing less dependency on the SSL PKI model, and (iii) a secure migration protocol for transferring wallet data to other platforms. Our implementation uses a small virtualization-based security kernel with trusted computing support and works with standard SSL-based authentication solutions for the web, where only minor modifications and extensions are required. It is interoperable so that we can re-use existing operating systems and applications like web browsers.
35 citations
Patent•
14 Aug 2000TL;DR: In this article, a Diffie-Hellman type key exchange protocol is proposed, in which the DiffieHellman value is combined with a function of at least a password using group operation such that the value may be extracted by the other party using the inverse group operation and knowledge of the password.
Abstract: Secure communication protocols are disclosed in which two parties generate a shared secret which may be used as a secure session key for communication between the parties. The protocols are based on Diffie-Hellman type key exchange in which a Diffie-Hellman value is combined with a function of at least a password using the group operation such that the Diffie-Hellman value may be extracted by the other party using the inverse group operation and knowledge of the password. In one embodiment, each of the parties explicitly authenticates the other party, while in another embodiment, the parties utilize implicit authentication relying on the generation of an appropriate secret session key to provide the implicit authentication. Typically, the parties will be a client computer and a server computer. In accordance with other embodiments of the invention, in order to protect against a security compromise at the server, the server is not in possession of the password, but instead is provided with, and stores, a so-called password verifier which is a function of the password and where the password itself cannot be determined from the value of the password verifier.
35 citations
Patent•
20 Jul 1999TL;DR: In this paper, the authors proposed a method for securing over-the-air communication in wireless system, where a mobile sends a system access request and dummy data associated with the access request to a network.
Abstract: In the method for securing over-the-air communication in wireless system, a mobile sends a system access request and dummy data associated with the system access request to a network. The network sends a first data stream including a first data portion to the mobile in response to the system access request and the dummy data. The mobile extracts the first data portion from the first bit stream, and sends a second bit stream to the network. The second bit stream includes a second data portion. The mobile and the network both generate a key based on the first data portion and the second data portion, and establish a first encrypted and authenticated communication channel in cooperation using the key. The mobile then transfers authorizing information to the network over the first encrypted and authenticated communication channel. If accepted, a second encrypted and authenticated communication channel is established. The network then sends sensitive information such as the root or A-key to the mobile over the second encrypted and authenticated communication channel.
35 citations
TL;DR: This work gives the first secure two-server protocol for the password-only setting (in which the user need remember only a password, and not the servers@? public keys), and is the first two- server protocol (in any setting) with a proof of security in the standard model.
35 citations
Cites background from "Encrypted key exchange: password-ba..."
...Bellovin and Merritt [5] were the first to suggest protocols for what we term password-only authenticated key exchange (PAKE), where the clients are required to “store” (i....
[...]
TL;DR: This paper is the first time that neural network technology has been fully and successfully applied to designing proactive password checkers and shows that these checkers have very good performance: error rates are comparable to those of the best existing checkers, implemented on different principles and by using other methodologies.
Abstract: This paper deals with the access control problem. We assume that valuable resources need to be protected against unauthorized users and that, to this aim, a password-based access control scheme is employed. Such an abstract scenario captures many applicative settings. The issue we focus our attention on is the following: password-based schemes provide a certain level of security as long as users choose good passwords, i.e., passwords that are hard to guess in a reasonable amount of time. In order to force the users to make good choices, a proactive password checker can be implemented as a submodule of the access control scheme. Such a checker, any time the user chooses/changes his own password, decides on the fly whether to accept or refuse the new password, depending on its guessability. Hence, the question is: how can we get an effective and efficient proactive password checker? By means of neural networks and statistical techniques, we answer the above question, developing suitable proactive password checkers. Through a series of experiments, we show that these checkers have very good performance: error rates are comparable to those of the best existing checkers, implemented on different principles and by using other methodologies, and the memory requirements are better in several cases. It is the first time that neural network technology has been fully and successfully applied to designing proactive password checkers
34 citations
References
More filters
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Abstract: Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
14,980 citations
"Encrypted key exchange: password-ba..." refers background or methods in this paper
...ElGamal’s algorithm is derived from the DiffieHellman exponential key exchange protocol[2]; accordingly, we will review the latter first....
[...]
...And even this risk is minimal if B performs certain checks to guard against easily-solvable choices: that β is indeed prime, that it is large enough (and hence not susceptible to precalculation of tables), that β − 1 have at least one large prime factor (to guard against Pohlig and Hellman’s algorithm[13]), and that α is a primitive root of GF (β)....
[...]
...The use given above for asymmetric encryption — simply using it to pass a key for a symmetric encryption system — is an example of what Diffie and Hellman[2] call a public key distribution system....
[...]
...It works especially well with exponential key exchange [2]....
[...]
TL;DR: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key.
Abstract: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key. This has two important consequences: (1) Couriers or other secure means are not needed to transmit keys, since a message can be enciphered using an encryption key publicly revealed by the intented recipient. Only he can decipher the message, since only he knows the corresponding decryption key. (2) A message can be “signed” using a privately held decryption key. Anyone can verify this signature using the corresponding publicly revealed encryption key. Signatures cannot be forged, and a signer cannot later deny the validity of his signature. This has obvious applications in “electronic mail” and “electronic funds transfer” systems. A message is encrypted by representing it as a number M, raising M to a publicly specified power e, and then taking the remainder when the result is divided by the publicly specified product, n, of two large secret primer numbers p and q. Decryption is similar; only a different, secret, power d is used, where e * d ≡ 1(mod (p - 1) * (q - 1)). The security of the system rests in part on the difficulty of factoring the published divisor, n.
14,659 citations
"Encrypted key exchange: password-ba..." refers methods in this paper
...Section 2 describes the asymmetric cryptosystem variant and implementations using RSA[ 3 ] and ElGamal[4]....
[...]
...We will use RSA[ 3 ] to illustrate the difficulties....
[...]
23 Aug 1985
TL;DR: A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem that relies on the difficulty of computing discrete logarithms over finite fields.
Abstract: A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem. The security of both systems relies on the difficulty of computing discrete logarithms over finite fields.
7,514 citations
19 Aug 1984
TL;DR: In this article, a new signature scheme is proposed together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem and the security of both systems relies on the difficulty of computing discrete logarithms over finite fields.
Abstract: A new signature scheme is proposed together with an implementation of the Diffie - Hellman key distribution scheme that achieves a public key cryptosystem. The security of both systems relies on the difficulty of computing discrete logarithms over finite fields.
2,351 citations
Book•
01 Jan 1982TL;DR: The goal of this book is to introduce the mathematical principles of data security and to show how these principles apply to operating systems, database systems, and computer networks.
Abstract: From the Preface (See Front Matter for full Preface)
Electronic computers have evolved from exiguous experimental enterprises in the 1940s to prolific practical data processing systems in the 1980s. As we have come to rely on these systems to process and store data, we have also come to wonder about their ability to protect valuable data.
Data security is the science and study of methods of protecting data in computer and communication systems from unauthorized disclosure and modification. The goal of this book is to introduce the mathematical principles of data security and to show how these principles apply to operating systems, database systems, and computer networks. The book is for students and professionals seeking an introduction to these principles. There are many references for those who would like to study specific topics further.
Data security has evolved rapidly since 1975. We have seen exciting developments in cryptography: public-key encryption, digital signatures, the Data Encryption Standard (DES), key safeguarding schemes, and key distribution protocols. We have developed techniques for verifying that programs do not leak confidential data, or transmit classified data to users with lower security clearances. We have found new controls for protecting data in statistical databases--and new methods of attacking these databases. We have come to a better understanding of the theoretical and practical limitations to security.
1,937 citations
"Encrypted key exchange: password-ba..." refers background in this paper
...Can such a random odd number less than a known n be distinguished from a valid public key e? Assume that p and q are chosen to be of the form 2p′ + 1 and 2q′ + 1, where p′ and q′ are primes, a choice that is recommended for other reasons [9]....
[...]