Strong password-only authenticated key exchange

@article{Jablon1996StrongPA,
  title={Strong password-only authenticated key exchange},
  author={David P. Jablon},
  journal={Comput. Commun. Rev.},
  year={1996},
  volume={26},
  pages={5-26}
}
  • David P. Jablon
  • Published 1 October 1996
  • Computer Science, Mathematics
  • Comput. Commun. Rev.
A new simple password exponential key exchange method (SPEKE) is described. It belongs to an exclusive class of methods which provide authentication and key establishment over an insecure channel using only a small password, without risk of offline dictionary attack. SPEKE and the closely-related Diffie-Hellman Encrypted Key Exchange (DH-EKE) are examined in light of both known and new attacks, along with sufficient preventive constraints. Although SPEKE and DH-EKE are similar, the constraints… 
View on ACM
grouper.ieee.org
556 Citations
Highly Influential Citations
43
Background Citations
178
Methods Citations
126
Results Citations
4

Figures and Tables from this paper

556 Citations

CA based password-only authenticated key exchange
  • D. K. Bhattacharryya, S. Nandi
  • Computer Science, Mathematics
    2000 IEEE Workshop on SiGNAL PROCESSING SYSTEMS. SiPS 2000. Design and Implementation (Cat. No.00TH8528)
  • 2000
TLDR
Presents a secure password-only authenticated key exchange (PAKE) method, designed based on the features of linear and nonlinear group as well as non-group cellular automata (CA) based logic structure, which offers intruders a high order of complexity to gain knowledge of the key.
The Secure Remote Password Protocol
TLDR
This new protocol combines techniques of zero-knowledge proofs with asymmetric key exchange protocols and has significantly improved performance over comparably strong extended methods that resist stolen-veri er attacks such as Augmented EKE or B-SPEKE.
Weaknesses of a Password-Authenticated Key Exchange Protocol between Clients with Different Passwords
TLDR
This paper points out that the proposed password-authenticated key exchange protocol is not secure, due to the choice of invalid parameters (say, subgroup generator), and shows in detail that, even with properly chosen parameters, the protocol has still some secure flaws.
Password-Based Authenticated Key Exchange
  • D. Pointcheval
  • Computer Science, Mathematics
    Public Key Cryptography
  • 2012
Authenticated Key Exchange protocols enable several parties to establish a shared cryptographically strong key over an insecure network using various authentication means, such as strong
Provably Secure Threshold Password-Authenticated Key Exchange Extended Abstract
TLDR
These are the first protocols which are provably secure in the standard model (i.e. no random oracles are used for the proof of security) and are reasonably efficient and implementable in practice.
Provably secure threshold password-authenticated key exchange
Password-Authenticated Key Exchange between Clients with Different Passwords
TLDR
This paper proposes a new framework which provides a password-authenticated key exchange between clients based only on their two different passwords without any pre-shared secret, so called Client-to-Client Password-Authenticated Key Exchange (C2CPAKE).
Password-Based Authenticated Key Establishment Protocols
Authenticated Key Exchange Secure against Dictionary Attacks
TLDR
Correctness for the idea at the center of the Encrypted Key-Exchange protocol of Bellovin and Merritt is proved: it is proved security, in an ideal-cipher model, of the two-flow protocol at the core of EKE.
Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman
TLDR
This work presents a new protocol called PAK, which is the first Diffie-Hellman-based password-authenticated key exchange protocol to provide a formal proof of security (in the random oracle model) against both passive and active adversaries.
...
...

References

SHOWING 1-10 OF 21 REFERENCES
Dual-workfactor Encrypted Key Exchange: Efficiently Preventing Password Chaining and Dictionary Attacks
  • Barry Jaspan
  • Computer Science, Mathematics
    USENIX Security Symposium
  • 1996
TLDR
This paper presents an extension of their ideas called dual-workfactor encrypted key exchange that preserves EKE's strength against dictionary attacks but also efficiently prevents passive password-chaining attacks.
Refinement and extension of encrypted key exchange
TLDR
This paper discusses a possible weakness in the proposed protocol, develops some enhancements and simplifications, and provides a security analysis of the resultant minimal EKE protocol, which yields a protocol with some interesting properties.
Encrypted key exchange: password-based protocols secure against dictionary attacks
  • S. Bellovin, Michael Merritt
  • Computer Science, Mathematics
    Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy
  • 1992
TLDR
A combination of asymmetric (public-key) and symmetric (secret- key) cryptography that allow two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced.
Augmented encrypted key exchange: a password-based protocol secure against dictionary attacks and password file compromise
TLDR
Two ways to accomplish EKE augmented so that hosts do not store cleartext passwords are shown, one using digital signatures and one that relies on a family of commutative one-way functions.
An attack on the Interlock Protocol when used for authentication
TLDR
The authors demonstrate that an active attacker can, at the cost of a timeout alarm, bypass the passwork exchange, and capture the passwords used.
Fortifying key negotiation schemes with poorly chosen passwords
TLDR
Key exchange schemes such as Diffie Hellman are vulnerable to middleperson attacks, and thus are often augmented by means of shared secrets, which can be vulnerable to guessing attacks.
Authentication and authenticated key exchanges
TLDR
A simple, efficient protocol referred to as the station-to-station (STS) protocol is introduced, examined in detail, and considered in relation to existing protocols.
Protecting Poorly Chosen Secrets from Guessing Attacks
TLDR
The basic idea is to ensure that data available to the attacker is sufficiently unpredictable to prevent an offline verification of whether a guess is successful or not and to examine protocols to detect vulnerabilities to such attacks.
Optimal authentification protocols resistant to password guessing attacks
  • L. Gong
  • Computer Science
    Proceedings The Eighth IEEE Computer Security Foundations Workshop
  • 1995
TLDR
New protocols that are resistant to guessing attacks and also optimal in both messages and rounds are given, thus refuting the previous belief that protection against guessing attacks makes an authentification protocol inherently more expensive.
SPX: global authentication using public key certificates
  • J. Tardo, Kannan Alagappan
  • Computer Science
    Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy
  • 1991
SPX, a reference implementation of an open distributed authentication service architecture based on ISO Standard 9594-9/CCITT X.509 directory public key certificates and hierarchically organized
...
...