Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman

@article{Boyko2000ProvablySP,
  title={Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman},
  author={Victor Boyko and Philip D. MacKenzie and Sarvar Patel},
  journal={IACR Cryptol. ePrint Arch.},
  year={2000},
  volume={2000},
  pages={44}
}
When designing password-authenticated key exchange protocols (as opposed to key exchange protocols authenticated using cryptographically secure keys), one must not allow any information to be leaked that would allow verification of the password (a weak shared key), since an attacker who obtains this information may be able to run an off-line dictionary attack to determine the correct password. We present a new protocol called PAK which is the first Diffie-Hellman-based password-authenticated…
Password-authenticated key exchange based on RSA
TLDR
This paper examines how to design a secure password-authenticated key exchange protocol based on RSA and presents an augmented protocol that is resilient to server compromise, meaning (informally) that an attacker who compromises a server would not be able to impersonate a client, at least not without running an offline dictionary attack against that client’s password.
Efficient and secure authenticated key exchange using weak passwords
TLDR
The authors' protocol is the first for password-only authentication that is both practical and provably secure using standard cryptographic assumptions, and it is remarkably efficient, requiring computation only 4 times greater than “classical” Diffie-Hellman key exchange that provides no authentication at all.
Security weakness in a three-party pairing-based protocol for password authenticated key exchange
TLDR
This work shows that the protocol for three-party key exchange is completely insecure and the claim of provable security is seriously incorrect, and conducts a detailed analysis of flaws in the protocol and its security proof, in the hope that no similar mistakes are made in the future.
One-Round Protocol for Two-Party Verifier-Based Password-Authenticated Key Exchange
TLDR
This paper proposes a provably secure verifier-based PAKE protocol, well suited to the TLS protocol, which requires only a single round and provides forward secrecy; it is analyzed in the ideal hash model.
Interactive Diffie-Hellman Assumptions with Applications to Password-Based Authentication
TLDR
This paper introduces a new three-party password-based authenticated key exchange protocol that is reasonably efficient and has a per-user computational cost that is comparable to that of the underlying two-party authenticated key exchange protocol.
Password-Authenticated Key Exchange Based on RSA
TLDR
It is shown how to modify the OKE protocol to obtain a password-authenticated key exchange protocol that can be proven secure (in the random oracle model), and the resulting protocol is very practical; the basic protocol requires about the same amount of computation as the Diffie-Hellman-based protocols or the well-known ssh protocol.
Round-Reduced Modular Construction of Asymmetric Password-Authenticated Key Exchange
TLDR
Encrypted PAKE literature addresses the password-only setting, without assuming certified public keys, but it commonly does not address the asymmetric PAKE setting which is required for client-to-server authentication.
Group Password-Authenticated Key Exchange from Identity-Based Cryptosystem
Password-authenticated key exchange (PAKE) protocols are designed to be secure even when the secret key used for authentication is a human-memorable password. In this paper, we consider PAKE…
Authenticated Key Exchange Secure against Dictionary Attacks
TLDR
Correctness of the idea at the center of the Encrypted Key-Exchange protocol of Bellovin and Merritt is proved: security is proved, in an ideal-cipher model, for the two-flow protocol at the core of EKE.
Provably secure threshold password-authenticated key exchange
TLDR
These are the first protocols which are provably secure in the standard model (i.e., no random oracles are used for the proof of security) and are reasonably efficient and implementable in practice.

References

SHOWING 1-10 OF 56 REFERENCES
Authenticated Key Exchange Secure against Dictionary Attacks
TLDR
Correctness of the idea at the center of the Encrypted Key-Exchange protocol of Bellovin and Merritt is proved: security is proved, in an ideal-cipher model, for the two-flow protocol at the core of EKE.
Public-key cryptography and password protocols
TLDR
This work presents and analyzes several simple password authentication protocols, shows optimal resistance to off-line password guessing attacks under the choice of suitable public key encryption functions, and introduces the notion of public passwords that enables the use of the above protocols in situations where the client's machine does not have the means to validate the server's public key.
Number theoretic attacks on secure password schemes
  • Sarvar Patel
  • Computer Science
  • Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097)
  • 1997
TLDR
It is shown how randomized confounders cannot protect Direct Authentication Protocol and Secret Public Key Protocol versions of a secure password scheme from attacks, and why these attacks are possible against seemingly secure protocols and what is necessary to make secure protocols.
Extended password key exchange protocols immune to dictionary attack
  • David P. Jablon
  • Computer Science
  • Proceedings of IEEE 6th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises
  • 1997
TLDR
A new extension to further limit exposure to theft of a stored password-verifier is described, and it is applied to several protocols including the Simple Password Exponential Key Exchange (SPEKE).
The Secure Remote Password Protocol
TLDR
This new protocol combines techniques of zero-knowledge proofs with asymmetric key exchange protocols and has significantly improved performance over comparably strong extended methods that resist stolen-verifier attacks such as Augmented EKE or B-SPEKE.
Strong password-only authenticated key exchange
A new simple password exponential key exchange method (SPEKE) is described. It belongs to an exclusive class of methods which provide authentication and key establishment over an insecure channel…
Encrypted key exchange: password-based protocols secure against dictionary attacks
  • S. Bellovin, Michael Merritt
  • Computer Science
  • Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy
  • 1992
TLDR
A combination of asymmetric (public-key) and symmetric (secret-key) cryptography that allows two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced.
Public-key cryptography and password protocols: the multi-user case
TLDR
This work shows the inadequacy of both the HK formalization and protocol in the case where there is more than a single user, and proposes a new definition of security for the multi-user case, expressed in terms of transcripts of the entire system, rather than individual protocol executions.
Augmented encrypted key exchange: a password-based protocol secure against dictionary attacks and password file compromise
TLDR
Two ways to accomplish EKE augmented so that hosts do not store cleartext passwords are shown, one using digital signatures and one that relies on a family of commutative one-way functions.
A modular approach to the design and analysis of authentication and key exchange protocols (extended abstract)
TLDR
This framework provides a sound formalization for the authentication problem and suggests simple and attractive design principles for general authentication and key exchange protocols; the authors construct and prove the security of simple and practical authentication and key-exchange protocols.