Simultaneous Authentication of Equals: A Secure, Password-Based Key Exchange for Mesh Networks

  title={Simultaneous Authentication of Equals: A Secure, Password-Based Key Exchange for Mesh Networks},
  author={Dan Harkins},
  journal={2008 Second International Conference on Sensor Technologies and Applications (sensorcomm 2008)},
  • D. Harkins
  • Published 25 August 2008
  • Computer Science
  • 2008 Second International Conference on Sensor Technologies and Applications (sensorcomm 2008)
We propose a simple protocol for authentication using only a password. The result of the protocol is a cryptographically strong shared secret for securing other data - e.g. network communication. SAE is resistant to passive attack, active attack, and dictionary attack. It provides a secure alternative to using certificates or when a centralized authority is not available. It is a peer-to-peer protocol, has no asymmetry, and supports simultaneous initiation. It is therefore well-suited for use… 

WAKE: Authentication and Key Establishment for Wireless Mesh Network

This paper proposes an effective authentication mechanism named WAKE, to provide access control for mesh clients, which uses identity based cryptography and is non trivially secure.

Efficient Wi-Fi Security Protocol Using Dual Tokens

The dual-token based randomized token authentication technology is applied to the Wi-fi security protocol to achieve an efficient Wi-Fi security protocol by dividing initial authentication and secure session establishment.

Secure Enrollment of Certificates Using Short PINs

This article presents a provisioning procedure and a cryptographic protocol that make use of Password Authenticated Key Exchanges (PAKEs) to allow for a secure operation with extremely short PINs even on devices with low computational power.

Authentication in wireless mesh networks

This chapter proposes to review the most known authentication protocols that have been proposed for the authentication of wireless mesh network stations either in IEEE standards or in research literature.

VTBPEKE: Verifier-based Two-Basis Password Exponential Key Exchange

An asymmetric variant of TBPEKE, also known as VPAKE, for Verifier-based Password Authenticated Key Exchange is studied, which is also quite efficient, and resistant to server-compromise.

CHIP and CRISP: Protecting All Parties Against Compromise Through Identity-Binding PAKEs

This work proposes the notions of (strong) identity-binding PAKEs that protect against compromise of any party, and can also be applied in the symmetric setting, and proposes counterparts to state-of-the-art security notions from the asymmetric setting in the UC model.

On the Security of One Password Authenticated Key Exchange Protocol

This protocol is the first password authenticated key exchange protocol (PAKE ) protocol without key diversification for a full version of which a security proof has been obtained and its cryptographic properties are analyzed.

A Novel Process to Avoid Redundant Encryption and Decryption in Wi-Fi Mesh Network

This paper for the first time proposes a new concept to overcome redundant re-encryption in each mesh hop by sharing the legacy client devices Pairwise Transient Key (PTK) to all the mesh APs in a secured mesh control plane.


Centralized Authentication Service (CAS) is a single sign-on protocol for the web that allows web applications to authenticate users without gaining access to a user's security credentials, such as a password.

Secure Pre-Shared Key (PSK) Authentication for the Internet Key Exchange Protocol (IKE)

This memo describes a secure pre-shared key (PSK) authentication method for the Internet Key Exchange Protocol (IKE). It is resistant to dictionary attack and retains security even when used with



The Secure Remote Password Protocol

This new protocol combines techniques of zero-knowledge proofs with asymmetric key exchange protocols and has significantly improved performance over comparably strong extended methods that resist stolen-veri er attacks such as Augmented EKE or B-SPEKE.

Secure Communications over Insecure Channels Based on Short Authenticated Strings

A way to establish peer-to-peer authenticated communications over an insecure channel by using an extra channel which can authenticate very short strings, e.g. 15 bits, which offers an alternative (or complement) to public-key infrastructures, since it no longer need any central authority, and to password-based authenticated key exchange, since one no longer needs to establish a confidential password.

Encrypted key exchange: password-based protocols secure against dictionary attacks

  • S. BellovinMichael Merritt
  • Computer Science, Mathematics
    Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy
  • 1992
A combination of asymmetric (public-key) and symmetric (secret- key) cryptography that allow two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced.

Strong password-only authenticated key exchange

A new simple password exponential key exchange method (SPEKE) is described. It belongs to an exclusive class of methods which provide authentication and key establishment over an insecure channel

Augmented encrypted key exchange: a password-based protocol secure against dictionary attacks and password file compromise

Two ways to accomplish EKE augmented so that hosts do not store cleartext passwords are shown, one using digital signatures and one that relies on a family of commutative one-way functions.

Authenticated Key Exchange Secure against Dictionary Attacks

Correctness for the idea at the center of the Encrypted Key-Exchange protocol of Bellovin and Merritt is proved: it is proved security, in an ideal-cipher model, of the two-flow protocol at the core of EKE.

Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman

This work presents a new protocol called PAK, which is the first Diffie-Hellman-based password-authenticated key exchange protocol to provide a formal proof of security (in the random oracle model) against both passive and active adversaries.

Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords

This work shows an efficient, 3-round, password-authenticated key exchange protocol with human-memorable passwords which is provably secure under the Decisional Diffie-Hellman assumption, yet requires only (roughly) 8 times more computation than "standard" Diffie -Hellman key exchange (which provides no authentication at all).

Protecting Poorly Chosen Secrets from Guessing Attacks

The basic idea is to ensure that data available to the attacker is sufficiently unpredictable to prevent an offline verification of whether a guess is successful or not and to examine protocols to detect vulnerabilities to such attacks.

Open Key Exchange: How to Defeat Dictionary Attacks Without Encrypting Public Keys

  • S. Lucks
  • Computer Science, Mathematics
    Security Protocols Workshop
  • 1997
Bellovin and Merritt proposed “encrypted key exchange” (EKE) protocols, to frustrate key-guessing attacks, which requires the use of asymmetric cryptosystems and is based on encrypting the public key, using a symmetric cipher.