Proofs for Two-Server Password Authentication

Authors

  • Michael Szydlo
  • Burton S. Kaliski
Abstract

Traditional password-based authentication and key-exchange protocols suffer from the simple fact that a single server stores the sensitive user password. In practice, when such a server is compromised, a large number of user passwords (usually password hashes) are exposed at once. A natural solution involves splitting the password between two or more servers. This work formally models the basic security requirement for two-server password authentication protocols, and in this framework provides concrete security proofs for two protocols. The first protocol considered [7] appeared at USENIX’03, but contained no security proof. For this protocol, we provide a concrete reduction to the computational Diffie-Hellman problem in the random oracle model. Next we present a second protocol, based on the same hard problem, but which is simpler and has an easier, tighter reduction proof.


Similar resources

Provably Secure Threshold Password-Authenticated Key Exchange

We present two protocols for threshold password authenticated key exchange. In this model for password authentication, the password is not stored in a single authenticating server but rather shared among a set of n servers so that an adversary can learn the password only by breaking into t + 1 of them. The protocols require n > 3t servers to work. The goal is to protect the password against hack...


Two Factor Zero Knowledge Proof Authentication System

It is often necessary to log onto a website or other system from an untrusted device using an untrusted connection. In this paper, we propose a login protocol that can be implemented to allow security in this situation. The protocol is a two factor authentication scheme which utilizes zero knowledge proofs to convince a server, over an unsecure connection, that the user knows his password witho...


Provably Secured Two Server Hash Password Authentication

The techniques of secured socket layer (SSL) with client-side certificates for commercial web sites rely on a relatively weak form of password authentication. A browser sending a user’s plaintext password to a remote web server using SSL is vulnerable to attack. In common password attacks, hackers exploit the fact that web users often use the same password at many different sites. This has drawn at...


The AuthA Protocol for Password Based Authenticated Key Exchange Contribution to IEEE P and its study group looking at new projects

We suggest a simple protocol, AuthA, for the problem of password-based authenticated key exchange (AKE). We assume the asymmetric trust model: the client A has a password pwa and the server B has a particular one-way function of this, pwb. Two flows of the protocol comprise a Diffie-Hellman key exchange using a group on which the Diffie-Hellman problem is hard. At least one of these two flows is encrypted using...


Advancements in Password-based Cryptography

Password-based authentication is the most popular authentication mechanism for humans today, not only on the internet. Despite increasing efforts to move to supposedly more secure alternatives, password-based authentication is most likely to stay for the foreseeable future due to its user experience and convenience. However, although secure cryptographic protocols for password-based authenticat...



Publication date: 2005