Authenticated Key Exchange Secure against Dictionary Attacks
نویسندگان
چکیده
Password-based protocols for authenticated key exchange (AKE) are designed to work despite the use of passwords drawn from a space so small that an adversary might well enumerate, off line, all possible passwords. While several such protocols have been suggested, the underlying theory has been lagging. We begin by defining a model for this problem, one rich enough to deal with password guessing, forward secrecy, server compromise, and loss of session keys. The one model can be used to define various goals. We take AKE (with “implicit” authentication) as the “basic” goal, and we give definitions for it, and for entity-authentication goals as well. Then we prove correctness for the idea at the center of the Encrypted Key-Exchange (EKE) protocol of Bellovin and Merritt: we prove security, in an ideal-cipher model, of the two-flow protocol at the core of EKE.
منابع مشابه
Encrypted key exchange: password-based protocols secure against dictionary attacks
Classical cryptographic protocols based on user chosen keys allow an attacker to mount password guessing attacks We introduce a novel combination of asymmetric public key and symmetric secret key cryptography that allow two parties sharing a common password to exchange con dential and authenticated information over an insecure network These proto cols are secure against active attacks and have ...
متن کاملAuthenticated Key Exchange Protocol Secure against Offline Dictionary Attack and Server Compromise
This paper introduces a new scheme, called Augmented Password AKE (APAKE), for authenticated key exchange protocols. In APAKE, a password is represented by a pair of values that is randomly selected in a huge space. We present an APAKE protocol. The protocol is secure against the attacks including off-line dictionary attack and server compromise allowing for subsequent off-line dictionary attac...
متن کاملPassword-Authenticated Multi-Party Key Exchange with Different Passwords
Password-authenticated key exchange (PAKE) allows two or multiple parties to share a session key using a human-memorable password only. PAKE has been applied in various environments, especially in the “clientserver” model of remotely accessed systems. Designing a secure PAKE scheme has been a challenging task because of the low entropy of password space and newly recognized attacks in the emerg...
متن کاملEfficient verifier-based password-authenticated key exchange in the three-party setting
In the last few years, researchers have extensively studied the password-authenticated key exchange (PAKE) in the three-party setting. The fundamental security goal of PAKE is security against dictionary attacks. The protocols for verifier-based PAKE are additionally required to be secure against server compromise. Some verifier-based PAKE schemes in the three-party setting have been suggested ...
متن کاملNumber Theoretic Attacks on Secure Password Schemes
Encrypted Key Exchange (EKE) [1, 2] allows two parties sharing a password to exchange authenticated information over an insecure network by using a combination of public and secret key cryptography. EKE promises security against active attacks and dictionary attacks. Other secure protocols have been proposed based on the use of randomized
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2000 شماره
صفحات -
تاریخ انتشار 2000