Her-tyan Yeh,Hung-min Sun,Tzonelih Hwang

DOI: https://doi.org/10.6688/jise.2003.19.6.6

2003-01-01

Journal of information science and engineering

Abstract:Three-party EKE was proposed to establish a session key between two clients through a server. However, three-party EKE is insecure against undetectable on-line and off-line password guessing attacks. In this paper, we first propose an enhanced three-party EKE to withstand the security risk in three-party EKE. We also propose a verifier-based three-party EKE that is more secure than a plaintext-equivalent mechanism in which a compromise of the server's database will not result in success in directly impersonating clients.

HM Sun,BC Chen,T Hwang

DOI: https://doi.org/10.1016/j.jss.2003.11.017

IF: 3.5

2004-01-01

Journal of Systems and Software

Abstract:Key exchange protocol is important for sending secret messages using the session key between two parties. In order to reach the objective, the premise is to generate a session key securely. Encryption key exchange was first proposed to generate a session key with a weak authenticated password against guessing attacks. Next, another authenticated key exchange protocols for three-party, two clients who request the session key and one server who authenticates the user's identity and assist in generating a session key, were proposed. In this paper, we focus on the three-party authenticated key exchange protocol. In addition to analyzing and improving a password-based authenticated key exchange protocol, a new verified-based protocol is also proposed.

Victor Boyko,Philip MacKenzie,Sarvar Patel

DOI: https://doi.org/10.1007/3-540-45539-6_12

2000-01-01

Abstract:When designing password-authenticated key exchange protocols (as opposed to key exchange protocols authenticated using crypto-graphically secure keys), one must not allow any information to be leaked that would allow verification of the password (a weak shared key), since an attacker who obtains this information may be able to run an off-line dictionary attack to determine the correct password. We present a new protocol called PAK which is the first Diffie-Hellman-based password-authenticated key exchange protocol to provide a formal proof of security (in the random oracle model) against both passive and active adversaries. In addition to the PAK protocol that provides mutual explicit authentication, we also show a more efficient protocol called PPK that is provably secure in the implicit-authentication model. We then extend PAK to a protocol called PAK-X, in which one side (the client) stores a plaintext version of the password, while the other side (the server) only stores a verifier for the password. We formally prove security of PAK-X, even when the server is compromised. Our formal model for password-authenticated key exchange is new, and may be of independent interest.

Marimuthu Karuppiah,Ashok Kumar Das,Xiong Li,Saru Kumari,Fan Wu,Shehzad Ashraf Chaudhry,R. Niranchana

DOI: https://doi.org/10.1007/s11036-018-1061-8

2018-01-01

Abstract:Authentication schemes are widely used mechanisms to thwart unauthorized access of resources over insecure networks. Several smart card based password authentication schemes have been proposed in the literature. In this paper, we demonstrate the security limitations of a recently proposed password based authentication scheme, and show that their scheme is still vulnerable to forgery and offline password guessing attacks and it is also unable to provide user anonymity, forward secrecy and mutual authentication. With the intention of fixing the weaknesses of that scheme, we present a secure authentication scheme. We show that the proposed scheme is invulnerable to various attacks together with attacks observed in the analyzed scheme through both rigorous formal and informal security analysis. Furthermore, the security analysis using the widely-accepted Real-Or-Random (ROR) model ensures that the proposed scheme provides the session key (SK) security. Finally, we carry out the performance evaluation of the proposed scheme and other related schemes, and the result favors that the proposed scheme provides better trade-off among security and performance as compared to other existing related schemes.

Shai Halevi,Hugo Krawczyk

DOI: https://doi.org/10.1145/322510.322514

1999-08-01

ACM Transactions on Information and System Security

Abstract:We study protocols for strong authentication and key exchange in asymmetric scenarios where the authentication server possesses ~a pair of private and public keys while the client has only a weak human-memorizable password as its authentication key. We present and analyze several simple password authentication protocols in this scenario, and show that the security of these protocols can be formally proven based on standard cryptographic assumptions. Remarkably, our analysis shows optimal resistance to off-line password guessing attacks under the choice of suitable public key encryption functions. In addition to user authentication, we describe ways to enhance these protocols to provide two-way authentication, authenticated key exchange, defense against server's compromise, and user anonymity. We complement these results with a proof that strongly indicates that public key techniques are unavoidable for password protocols that resist off-line guessing attacks. As a further contribution, we introduce the notion of public passwords that enables the use of the above protocols in situations where the client's machine does not have the means to validate the server's public key. Public passwords serve as "hand-held certificates" that the user can carry without the need for specal computing devices.

English Else

ZHU Chang-sheng,LIU Peng-hui,WANG Qing-rong,CAO Lai-cheng

DOI: https://doi.org/10.3724/sp.j.1087.2011.01862

2011-01-01

Journal of Computer Applications

Abstract:How to keep mutual anonymity between two entities is one of the critical issues for Trusted Computation(TC).According to the characteristics of TC,an efficient password-based authenticated key exchange scheme was proposed.Adopting threshold cryptography and fuzzy ID set,the scheme achieved mutual anonymity between user and server sharing ID set.On the premise of secure hashing,the analysis and the proving procedure based on the Random Oracle Model(ROM) show this scheme is secure against dictionary attack and resource-depletion DoS(Denial-of-Service) attack under the computational Diffie-Hellman intractability assumption.This scheme effectively preserves the user's privacy and server's privacy,and compared with other schemes such as VIET et al.'s scheme,it is more efficient.

Shu Jian,Chunxiang Xu

2009-01-01

Abstract:The goal of password-based authenticated exchange protocol is established secure key by using preshared human-memorable password.Most of existing schemes either have computation burden or rely on the random oracle model.A new scheme without random oracles is proposed,which requires only one generator.Due to not using CPA or CCA2 public encryption scheme,the proposed protocol is efficient in computational cost and simple in protocol description when compared other solutions without random oracles.Specifically,this protocol reduces 64% of the exponential computations of the protocol proposed by Yin Yin et al.in the paper of "Provable secure encrypted key exchange protocol under standard model".The security of the proposed scheme has been proven in the standard model under DDH assumption.

SH Wang,F Bao,J Wang

DOI: https://doi.org/10.1093/ietcom/e88-b.4.1641

2005-01-01

IEICE Transactions on Communications

Abstract:In 2002, Zhu et al. proposed a password authenticated key exchange protocol based on RSA such that it is efficient enough to be implemented on most of the target low-power devices such as smart cards and low-power Personal Digital Assistants in imbalanced wireless networks. Recently, YEH et al. claimed that Zhu et al.'s protocol not only is insecure against undetectable on-line password guessing attack but also does not achieve explicit key authentication. Thus they presented an improved version. Unfortunately, we find that YEH et al.'s password guessing attack does not come into existence, and that their improved protocol is vulnerable to off-line dictionary attacks. In this paper we describe our observation in details, and also comment for the original protocol on how to achieve explicit key authentication as well as resist against other existent attacks.

Hong-bin TANG,Xin-song LIU

DOI: https://doi.org/10.3724/sp.j.1087.2012.01381

2012-01-01

Abstract:Password-based authentication and key exchange protocol have been widely used in various network services due to easy memory of password.Unfortunately,password-based authentication scheme also suffers from attacks because of the low entropy of password.In the year 2011,Islam et al.(ISLAM SK H,BISWAS G P.Improved remote login scheme based on ECC.IEEE-International Conference on Recent Trends in Information Technology.Washington,DC: IEEE Computer Society,2011: 1221-1226)proposed an improved remote login scheme based on Elliptic Curve Cryptography(ECC).Whereas,the scheme was vulnerable to stolen-verifier and impersonation attacks and failed to provide mutual authentication.Therefore,the authors proposed a password-based Remote Authentication with Key Agreement(RAKA) protocol using ECC to tackle the problems in Islam et al.'s scheme.RAKA was based on Elliptic Curve Discrete Logarithm Problem(ECDLP) and needed to compute six elliptic curve scale multiplications and seven hash function operations during a protocol run.The efficiency improves by about 15%.It is more secure and efficient than Islam et al.'s scheme.

He Debiao,Chen Jianhua,Hu Jin

2010-01-01

Abstract:He Debiao, Chen Jianhua, Hu Jin School of Mathematics and Statistics, Wuhan University, Wuhan, Hubei 430072, China hedebiao@163.com Abstract: Recently, Abdalla et al. proposed a new gateway-oriented password-based authenticated key exchange (GPAKE) protocol among a client, a gateway, and an authentication server, where each client shares a human-memorable password with a trusted server so that they can resort to the server for authentication when want to establish a shared session key with the gateway. In the letter, we show that a malicious client of GPAKE is still able to gain information of password by performing an undetectable on-line password guessing attack and can not provide the implicit key confirmation. At last, we present a countermeasure to against the attack.

Rui Jiang,LI Jian-Hua,Li Pan,蒋睿,李建华,潘理

2006-01-01

Abstract:Simple authenticated key agreement algorithm is one of the Diffie-Hellman key agreement variations. It prevents man-in-the-middle attack with only two more packets required to agree on the secret session key, but it has some weaknesses. In this paper, a new enhanced simple authenticated key agreement algorithm is proposed to overcome these weaknesses on the basis of analyzing the weaknesses of the related protocols. The new enhanced simple authenticated key agreement algorithm can get over replay attack and password guessing attack, provide perfect forward secrecy, and hold the merits of the simple authenticated key agreement algorithm.

Chunbo Ma,Jun Ao,Jianhua Li

2007-01-01

Abstract:A password-based tripartite key agreement protocol is presented in this paper. The three entities involved in this protocol can negotiate a common session key via a shared password over insecure networks. Proofs are given to show that the proposed protocol is secure against forging and chosen message attacks in the case of without actually running a dictionary attack.

Shuhong Wang,Jie Wang,Maozhi Xu

DOI: https://doi.org/10.1007/978-3-540-24852-1_30

2004-01-01

Abstract:A password-authenticated key exchange scheme allows two entities, who only share a memorable password, to authenticate each other and to agree on a. cryptographic session key. Instead of considering it in the classic client and server scenarios, Byun et al. recently proposed a password-authenticated key exchange protocol in a cross-realm setting where two clients in different realms obtain a secret session key as well as mutual authentication, with the help of respective servers. In this paper, we first, point out that the proposed protocol is not secure, due to the choice of invalid parameters (say, subgroup generator). Furthermore, we show in detail that, even with properly chosen parameters, the protocol has still some secure flaws. We provide three attacks to illustrate the insecurity of the protocol. Finally, countermeasures are also given, which are believed able to withstand our attacks.

Hung-Min Sun,Her-Tyan Yeh

DOI: https://doi.org/10.1016/j.jcss.2006.03.005

IF: 1.043

2006-01-01

Journal of Computer and System Sciences

Abstract:In an open networking environment, a workstation usually needs to identify its legal users for providing its services. Kerberos provides an efficient approach whereby a trusted third-party authentication server is used to verify users' identities. However, Kerberos enforces the user to use strong cryptographic secret for user authentication, and hence is insecure from password guessing attacks if the user uses a weak password for convenience. In this paper, we focus on such an environment in which the users can use easy-to-remember passwords. In addition to password guessing attacks, perfect forward secrecy (PFS in short) is another important security consideration when designing an authentication and key distribution protocol. Based on the capability of protecting the client's password, the application server's secret key, and the authentication server's private key, we define seven classes of perfect forward secrecy and focus on protocols achieving class-1, class-3, and class-7 due to their hierarchical relations. Then, we propose three secure authentication and key distribution protocols to provide perfect forward secrecy of these three classes. All these protocols are efficient in protecting poorly-chosen passwords chosen by users from guessing attacks and replay attacks.

Chun-Li Lin,Hung-Min Sun,Tzonelih Hwang

DOI: https://doi.org/10.1145/506106.506108

2000-01-01

ACM SIGOPS Operating Systems Review

Abstract:Password-based mechanism is the widely used method for authentication since it allows people to choose their own passwords without any assistant device to generate or store. However, people are used to choose easy-to-remember passwords such that guessing attacks could succeed. In 1992, Bellovin and Merritt proposed Encrypted Key Exchange (EKE) protocols for preventing guessing attacks, in which two communication parties A and B securely share a possibly weak password in advance. In large communication environments, it is inconvenient in key management that every two communication parties mutually share a secret. Three-party EKE protocols, in which all parties (clients) share their secrets with a trusted server only, are more suitable for large communication environments. In 1995, Steiner, Tsudik and Waidner proposed a realization of three-party EKE protocol which is later demonstrated that it is vulnerable to undetectable on-line guessing attacks. In this paper, We will show a new off-line guessing attack on Steiner, Tsudik and Waidners' protocol. Besides, we will also propose a new three-party EKE protocol which not only is secure against both the off-line guessing attack and undetectable on-line guessing attacks but also satisfies the security properties of perfect forward secrecy and known-key security.

Huang Shi,Tianjie Cao,Gao Caiyun

DOI: https://doi.org/10.14257/astl.2015.111.14

2015-01-01

Abstract:Authentication between user and server has become more and more important in the insecure network. The scheme can complete mutual authentication and resist certain known attacks. But for password guessing attack and denial-of-service attack, it cannot resist. Therefore, an improved scheme to eliminate these weaknesses is proposed in this paper.

David P. Jablon

DOI: https://doi.org/10.1145/242896.242897

IF: 1.937

1996-10-01

ACM SIGCOMM Computer Communication Review

Abstract:A new simple password exponential key exchange method (SPEKE) is described. It belongs to an exclusive class of methods which provide authentication and key establishment over an insecure channel using only a small password, without risk of offline dictionary attack. SPEKE and the closely-related Diffie-Hellman Encrypted Key Exchange (DH-EKE) are examined in light of both known and new attacks, along with sufficient preventive constraints. Although SPEKE and DH-EKE are similar, the constraints are different. The class of strong password-only methods is compared to other authentication schemes. Benefits, limitations, and tradeoffs between efficiency and security are discussed. These methods are important for several uses, including replacement of obsolete systems, and building hybrid two-factor systems where independent password-only and key-based methods can survive a single event of either key theft or password compromise.

computer science, information systems

yang zhaolu,fan lei,li jianhua

DOI: https://doi.org/10.3969/j.issn.1002-0802.2003.03.036

2003-01-01

Abstract:Key agreement is the procedure that t he two sides of the communication negotiate a session key.A simple au-thenticated key agreement algorith m(SAKA)and its enhanced protocols have been developed.They are simple,but some weak-nesses are founded in them.

JIN Li-jie,XU Chun-xiang

DOI: https://doi.org/10.3969/j.issn.1009-8054.2007.08.008

2007-01-01

Abstract:Key Agreement protocols should provide enough security, and the computation cost of them should be as low as possible. An ID-based authenticated key agreement protocol BAKAP(ID-Based Authenticated Key agreement Protocol)is proposed in this paper. This protocol provides some security properties such as known key security, perfect forward secrecy, key-compromise impersonation,unknown key-share resilience and key control. In the proposed protocol, each party is required to perform two elliptic curve point multiplications and one evaluation of the pairing. BAKAP has advantages over other protocols in the moderate computation cost,and therefor is quite practical.

Jaryn Shen,Timothy T. Yuen,Kim-Kwang Raymond Choo,Qingkai Zeng

DOI: https://doi.org/10.1007/978-3-030-21548-4_28

2019-01-01

Abstract:Passwords are widely used in online services, such as electronic and mobile banking services, and may be complemented by other authentication mechanism(s) for example in two-factor or three-factor authentication systems. There are, however, a number of known limitations and risks associated with the use of passwords, such as man-in-the-middle (MitM) and offline guessing attacks. In this paper, we present AMOGAP, a novel text password-based user authentication mechanism, to defend against MitM and offline guessing attacks. In our approach, users can select easy-to-remember passwords, and AMOGAP converts currently-used salted and hashed password files into user tokens, whose security relies on the Decisional Diffie-Hellman (DDH) assumption, at the server end. In other words, we use a difficult problem in number theory (i.e., DDH problem), rather than a one-way hash function, to ensure security against offline password guessing attackers and MitM attackers. AMOGAP does not require any change in existing authentication process and infrastructure or incur additional costs at the server.