Haimin Jin,Duncan S. Wong,Yinlong Xu

DOI: https://doi.org/10.1007/978-3-540-77048-0_4

2007-01-01

Abstract:One of the prominent advantages of password-only two-server authenticated key exchange is that the user password will remain secure against offline dictionary attacks even after one of the servers has been compromised. The first system of this type was proposed by Yang, Deng and Bao in 2006. The system is efficient with a total of eight communication rounds in one protocol run. However, the security assumptions are strong. It assumes that one particular server cannot be compromised by an active adversary. It also assumes that there exists a secure communication channel between the two servers. Recently, a new protocol has been proposed by the same group of researchers. The new one removes these assumptions, but in return pays a very high price on the communication overhead. It takes altogether ten rounds to complete one protocol run and requires more computation. Therefore, the question remains is whether it is possible to build a protocol which can significantly reduce the number of communication rounds without introducing additional security assumptions or computational complexity. In this paper, we give an affirmative answer by proposing a very efficient protocol with no additional assumption introduced. The protocol requires only six communication rounds without increasing the computational complexity.

Victor Boyko,Philip MacKenzie,Sarvar Patel

DOI: https://doi.org/10.1007/3-540-45539-6_12

2000-01-01

Abstract:When designing password-authenticated key exchange protocols (as opposed to key exchange protocols authenticated using crypto-graphically secure keys), one must not allow any information to be leaked that would allow verification of the password (a weak shared key), since an attacker who obtains this information may be able to run an off-line dictionary attack to determine the correct password. We present a new protocol called PAK which is the first Diffie-Hellman-based password-authenticated key exchange protocol to provide a formal proof of security (in the random oracle model) against both passive and active adversaries. In addition to the PAK protocol that provides mutual explicit authentication, we also show a more efficient protocol called PPK that is provably secure in the implicit-authentication model. We then extend PAK to a protocol called PAK-X, in which one side (the client) stores a plaintext version of the password, while the other side (the server) only stores a verifier for the password. We formally prove security of PAK-X, even when the server is compromised. Our formal model for password-authenticated key exchange is new, and may be of independent interest.

Shai Halevi,Hugo Krawczyk

DOI: https://doi.org/10.1145/322510.322514

1999-08-01

ACM Transactions on Information and System Security

Abstract:We study protocols for strong authentication and key exchange in asymmetric scenarios where the authentication server possesses ~a pair of private and public keys while the client has only a weak human-memorizable password as its authentication key. We present and analyze several simple password authentication protocols in this scenario, and show that the security of these protocols can be formally proven based on standard cryptographic assumptions. Remarkably, our analysis shows optimal resistance to off-line password guessing attacks under the choice of suitable public key encryption functions. In addition to user authentication, we describe ways to enhance these protocols to provide two-way authentication, authenticated key exchange, defense against server's compromise, and user anonymity. We complement these results with a proof that strongly indicates that public key techniques are unavoidable for password protocols that resist off-line guessing attacks. As a further contribution, we introduce the notion of public passwords that enables the use of the above protocols in situations where the client's machine does not have the means to validate the server's public key. Public passwords serve as "hand-held certificates" that the user can carry without the need for specal computing devices.

English Else

Her-Tyan Yeh,Hung-Min Sun

DOI: https://doi.org/10.1145/583800.583802

2002-01-01

Abstract:AbstractPassword-based mechanism is the widely used method for user authentication. Many password-based authenticated key exchange protocols have been proposed to resist password guessing attacks. In this paper, we present a simple authenticated key agreement protocol called SAKA which is simple and cost-effective. To examine its security, we provide a formal proof of security to show its strength against both passive and active adversaries. Compared with the previously best protocols, SAKA has less number of steps and less computation cost.

Shu Jian,Chunxiang Xu

2009-01-01

Abstract:The goal of password-based authenticated exchange protocol is established secure key by using preshared human-memorable password.Most of existing schemes either have computation burden or rely on the random oracle model.A new scheme without random oracles is proposed,which requires only one generator.Due to not using CPA or CCA2 public encryption scheme,the proposed protocol is efficient in computational cost and simple in protocol description when compared other solutions without random oracles.Specifically,this protocol reduces 64% of the exponential computations of the protocol proposed by Yin Yin et al.in the paper of "Provable secure encrypted key exchange protocol under standard model".The security of the proposed scheme has been proven in the standard model under DDH assumption.

Chun-Li Lin,Hung-Min Sun,Tzonelih Hwang

DOI: https://doi.org/10.1145/506106.506108

2000-01-01

ACM SIGOPS Operating Systems Review

Abstract:Password-based mechanism is the widely used method for authentication since it allows people to choose their own passwords without any assistant device to generate or store. However, people are used to choose easy-to-remember passwords such that guessing attacks could succeed. In 1992, Bellovin and Merritt proposed Encrypted Key Exchange (EKE) protocols for preventing guessing attacks, in which two communication parties A and B securely share a possibly weak password in advance. In large communication environments, it is inconvenient in key management that every two communication parties mutually share a secret. Three-party EKE protocols, in which all parties (clients) share their secrets with a trusted server only, are more suitable for large communication environments. In 1995, Steiner, Tsudik and Waidner proposed a realization of three-party EKE protocol which is later demonstrated that it is vulnerable to undetectable on-line guessing attacks. In this paper, We will show a new off-line guessing attack on Steiner, Tsudik and Waidners' protocol. Besides, we will also propose a new three-party EKE protocol which not only is secure against both the off-line guessing attack and undetectable on-line guessing attacks but also satisfies the security properties of perfect forward secrecy and known-key security.

Adam Groce,Jonathan Katz

DOI: https://doi.org/10.1145/1866307.1866365

2010-01-01

Abstract:Protocols for password-based authenticated key exchange (PAKE) allow two users who share only a short, low-entropy password to agree on a cryptographically strong session key. The challenge in designing such protocols is that they must be immune to off-line dictionary attacks in which an eavesdropping adversary exhaustively enumerates the dictionary of likely passwords in an attempt to match a password to the set of observed transcripts. To date, few general frameworks for constructing PAKE protocols in the standard model are known. Here, we abstract and generalize a protocol by Jiang and Gong to give a new methodology for realizing PAKE without random oracles, in the common reference string model. In addition to giving a new approach to the problem, the resulting construction off ers several advantages over prior work. We also describe an extension of our protocol that is secure within the universal composability (UC) framework and, when instantiated using El Gamal encryption, is more efficient than a previous protocol of Canetti et al.

XU Chun-xiang,HE Xiao-hu

DOI: https://doi.org/10.3969/j.issn.1001-0548.2012.04.023

2012-01-01

Abstract:Three-party password-based authenticated key exchange protocols allow two clients to authenticate each other and establish a shared session key through a trusted server who preserves clients’ passwords or verifiers about passwords.However,because of the low entropy of passwords,password-based authenticated key exchange protocols are vulnerable to dictionary attacks.Based on available protocols,a new efficient three-party password-based authenticated key exchange protocol is proposed by combining the symmetric encryption algorithm with the method of two-party key exchange protocol of Diffie-Hellman.Results indicate that and the proposed protocol can resist against various attacks and provide the perfect forward security.

Hu Xiong,Yanan Chen,Zhong Chen,Fagen Li

DOI: https://doi.org/10.2316/Journal.202.2013.1.202-3540

2015-01-01

International Journal of Computers and Applications

Abstract:Three-party password-based authenticated key exchange (3PAKE) protocols allow two users (clients) to establish a session key with the help of an authenticated server over an insecure channel. Owning to the significance in building a secure communication channel, a number of approaches have been suggested over the years. However, the lack of formal security proof is a major issue in the related literature. In this paper, we propose a simple 3PAKE protocol based upon elliptic curve cryptography along with formal security proof under the decisional Diffie-Hellman assumption. Experimental results by using the automated validation of Internet security protocols and applications tool also show that the proposed protocol is secure against various malicious attacks. Compared with previous work, the proposed protocol has lower computation costs and lighter communication loads.

WANG Ying-jie,LUO Wei,XU Xiao-fei

DOI: https://doi.org/10.3969/j.issn.1002-0802.2009.11.031

2009-01-01

Abstract:Authenticated key exchange (AKE) protocols are designed to allow mutual authentication and generation of a cryptographically-secure session key. For wireless security, the password-based authentication scheme is usually vulnerable to dictionary attack though might have a low system cost. This paper proposes an ID authentication-based key exchange scheme for wireless security, which has light computational overhead, is resistant to impersonation attack, and also of other security attributes.

He Debiao,Chen Jianhua,Hu Jin

2010-01-01

Abstract:He Debiao, Chen Jianhua, Hu Jin School of Mathematics and Statistics, Wuhan University, Wuhan, Hubei 430072, China hedebiao@163.com Abstract: Recently, Abdalla et al. proposed a new gateway-oriented password-based authenticated key exchange (GPAKE) protocol among a client, a gateway, and an authentication server, where each client shares a human-memorable password with a trusted server so that they can resort to the server for authentication when want to establish a shared session key with the gateway. In the letter, we show that a malicious client of GPAKE is still able to gain information of password by performing an undetectable on-line password guessing attack and can not provide the implicit key confirmation. At last, we present a countermeasure to against the attack.

Minkyung Park,Eunsang Cho,Ted Taekyoung Kwon

DOI: https://doi.org/10.7840/kics.2015.40.8.1597

2015-08-31

The Journal of Korean Institute of Communications and Information Sciences

Abstract:Password authenticated key exchange (PAKE) is a protocol that a client stores its password to a server, authenticates itself using its password and shares a session key with the server. In multi-server PAKE, a client splits its password and stores them to several servers separately. Unless all the servers are compromised, client's password will not be disclosed in the multi-server setting. In attribute-based encryption (ABE), a sender encrypts a message M using a set of attributes and then a receiver decrypts it using the same set of attributes. In this paper, we introduce multi-server PAKE protocol that utilizes a set of attributes of ABE as a client's password. In the protocol, the client and servers do not need to create additional public/private key pairs because the password is used as a set of public keys. Also, the client and the servers exchange only one round-trip message per server. The protocol is secure against dictionary attacks. We prove our system is secure in a proposed threat model. Finally we show feasibility through evaluating the execution time of the protocol.

English Else

Travis Z. Suel

DOI: https://doi.org/10.48550/arXiv.1209.0967

2012-09-05

Abstract:Passwords are a fragile, inadequate, and insecure tool for authenticating users, and are especially fraught with problems when used to secure access to network resources and services. In many cases, passwords provide a false sense of security. Creating passwords which are both secure (i.e., hard for attackers to guess) and easy for humans to remember is, at best, a paradoxical task because these two criteria are diametrically opposed. Fortunately, a far more secure and user-friendly alternative is available. Public-key cryptography provides a means of both identifying and authenticating users without the need for passwords. KeyAuth is a generic and universal implementation of public-key authentication aimed at supplanting password-based authentication and significantly improving the security of network accessible resources by enhancing the usability of frequently used authentication mechanisms. KeyAuth is an application-, language-, operating system-, and protocol-independent public-key authentication service.

Cryptography and Security,Human-Computer Interaction

Jintai Ding,Saed Alsayigh,Jean Lancrenon,R. Saraswathy,Michael Snook

DOI: https://doi.org/10.1007/978-3-319-52153-4_11

2017-01-01

Abstract:Authenticated Key Exchange (AKE) is a cryptographic scheme with the aim to establish a high-entropy and secret session key over a insecure communications network. Password-Authenticated Key Exchange (PAKE) assumes that the parties in play share a simple password, which is cheap and human-memorable and is used to achieve the authentication. PAKEs are practically relevant as these features are extremely appealing in an age where most people access sensitive personal data remotely from more-and-more pervasive hand-held devices. Theoretically, PAKEs allow the secure computation and authentication of a high-entropy piece of data using a low-entropy string as a starting point. In this paper, we apply the recently proposed technique introduced in [19] to construct two lattice-based PAKE protocols enjoying a very simple and elegant design that is an parallel extension of the class of Random Oracle Model (ROM)-based protocols PAK and PPK [13,41], but in the lattice-based setting. The new protocol resembling PAK is three-pass, and provides mutual explicit authentication, while the protocol following the structure of PPK is two-pass, and provides implicit authentication. Our protocols rely on the Ring-Learning-with-Errors (RLWE) assumption, and exploit the additive structure of the underlying ring. They have a comparable level of efficiency to PAK and PPK, which makes them highly attractive. We present a preliminary implementation of our protocols to demonstrate that they are both efficient and practical. We believe they are suitable quantum safe replacements for PAK and PPK.

Debiao He,Jianhua Chen,Jin Hu

DOI: https://doi.org/10.31449/inf.v34i3.308

2010-01-01

Informatica

Abstract:Key exchange protocols allow two or more parties communicating over a public network to establish a common secret key called a session key. Due to their significance in building a secure communication channel, a number of key exchange protocols have been suggested over the years for a variety of settings. Among these is the so-called S-3PAKE protocol proposed by Lu and Cao for passwordauthenticated key exchange in the three-party setting. In the current work, we are concerned with the password security of the S-3PAKE protocol. We first show that S-3PAKE is vulnerable to an off-line dictionary attack in which an attacker exhaustively enumerates all possible passwords in an off-line manner to determine the correct one. We then figure out how to eliminate the security vulnerability of S3PAKE.

Shuhong Wang,Jie Wang,Maozhi Xu

DOI: https://doi.org/10.1007/978-3-540-24852-1_30

2004-01-01

Abstract:A password-authenticated key exchange scheme allows two entities, who only share a memorable password, to authenticate each other and to agree on a. cryptographic session key. Instead of considering it in the classic client and server scenarios, Byun et al. recently proposed a password-authenticated key exchange protocol in a cross-realm setting where two clients in different realms obtain a secret session key as well as mutual authentication, with the help of respective servers. In this paper, we first, point out that the proposed protocol is not secure, due to the choice of invalid parameters (say, subgroup generator). Furthermore, we show in detail that, even with properly chosen parameters, the protocol has still some secure flaws. We provide three attacks to illustrate the insecurity of the protocol. Finally, countermeasures are also given, which are believed able to withstand our attacks.

Junhan Yang,Tianjie Cao

2011-01-01

Journal of Computational Information Systems

Abstract:With advances in elliptic curve cryptography, Li et al. and Yoon et al. proposed two password-authenticated key exchange protocols without server's public key. They claimed to be secure against several possible attacks, securely update user passwords without a complicated process, and also provide explicit key authentication in the case of a session key agreement. Unfortunately, Li et al.'s protocol is vulnerable to off-line dictionary attack and man-in-the-middle attack. Meanwhile Yoon et al.'s protocol is subject to off-line dictionary attack and fails to provide backward secrecy. In this paper, we conduct a detailed analysis on the flaws and also propose a verifier-based password-authenticated key exchange protocol via elliptic curves which is secure against various known attacks. Copyright © 2011 Binary Information Press.

SH Wang,F Bao,J Wang

DOI: https://doi.org/10.1093/ietcom/e88-b.4.1641

2005-01-01

IEICE Transactions on Communications

Abstract:In 2002, Zhu et al. proposed a password authenticated key exchange protocol based on RSA such that it is efficient enough to be implemented on most of the target low-power devices such as smart cards and low-power Personal Digital Assistants in imbalanced wireless networks. Recently, YEH et al. claimed that Zhu et al.'s protocol not only is insecure against undetectable on-line password guessing attack but also does not achieve explicit key authentication. Thus they presented an improved version. Unfortunately, we find that YEH et al.'s password guessing attack does not come into existence, and that their improved protocol is vulnerable to off-line dictionary attacks. In this paper we describe our observation in details, and also comment for the original protocol on how to achieve explicit key authentication as well as resist against other existent attacks.

YANG Jun-han,CAO Tian-jie

DOI: https://doi.org/10.6040/j.issn.1672-3961.0.2012.367

2013-01-01

Abstract:To guarantee the security of exchange protocol,a novel password-authenticated key exchange protocol without random oracle model was introduced.Clients’ identity information was delivered by the certificateless key encapsulation mechanism.The security of the proposed protocol was proved in the standard model based on decision Diffie-Hellman(DDH) assumption.Security analysis showed that the provided protocol was forward security and achieved mutual authentication,which could resist multiple attacks.

CL Lin,HM Sun,M Steiner,T Hwang

DOI: https://doi.org/10.1016/j.cose.2004.06.007

IF: 5.105

2004-01-01

Computers & Security

Abstract:Three-party key-exchange protocols with password authentication-clients share an easy-to-remember password with a trusted server only-are very suitable for applications requiring secure communications between many light-weight clients (end users); it is simply impractical that every two clients share a common secret. Steiner, Tsudik and Waidner (1995) proposed a realization of such a three-party protocol based on the encrypted key exchange (EKE) protocols. However, their protocol was later demonstrated to be vulnerable to off-line and undetectable on-line guessing attacks. Lin, Sun and Hwang (see ACM Operating Syst. Rev., vol.34, no. 4, p.12-20, 2000) proposed a secure three-party protocol with server public-keys. However, the approach of using server public-keys is not always a satisfactory solution and is impractical for some environments. We propose a secure three-party EKE protocol without server public-keys.