Unconditionally-Secure Universally Composable Password-Based Key-Exchange based on One-Time Memory Tokens
نویسندگان
چکیده
We continue the recent trend in cryptography to study protocol design in presence of tamper-proof hardware tokens. We present a very efficient protocol for password-based authenticated key exchange based on the weak model of one-time memory tokens, recently introduced by Goldwasser et al. (Crypto 2008). Our protocol only requires four moves, very basic operations, and the sender to send ` tokens in the first step for passwords of length `. At the same time we achieve information-theoretic security in Canetti’s universal composition framework (FOCS 2001) against adaptive adversaries (assuming reliable erasure), even if the tokens are not guaranteed to be transferred in an authenticated way, i.e., even if the adversary can read or substitute transmitted tokens (as opposed to many previous efforts).
منابع مشابه
Universally Composable Two-Server PAKE
Two-Server Password Authenticated Key Exchange (2PAKE) protocols apply secret sharing techniques to achieve protection against server-compromise attacks. 2PAKE protocols eliminate the need for password hashing and remain secure as long as one of the servers remains honest. This concept has also been explored in connection with two-server password authenticated secret sharing (2PASS) protocols f...
متن کاملUniversally Composable Password-Based Key Exchange
We propose and realize a definition of security for passwordbased key exchange within the framework of universally composable (UC) security, thus providing security guarantees under arbitrary composition with other protocols. In addition, our definition captures some aspects of the problem that were not adequately addressed by most prior notions. For instance, it does not assume any underlying ...
متن کاملIntercepting Tokens: The Empire Strikes Back in the Clone Wars
We discuss interception attacks on cryptographic protocols which rely on trustworthy hardware like one-time memory tokens (Goldwasser et al., Crypto 2008). In such attacks the adversary can mount man-in-the-middle attacks and access, or even substitute, transmitted tokens. We show that many of the existing token-based protocols are vulnerable against this kind of attack, which typically lies ou...
متن کاملUnconditionally Secure and Universally Composable Commitments from Physical Assumptions
We present a constant-round unconditional black-box compiler, that transforms any ideal straightline extractable commitment scheme, into an extractable and equivocal commitment scheme, therefore yielding to UC-security [Can01]. We exemplify the usefulness of our compiler providing two (constantround) instantiations of ideal straight-line extractable commitment using (malicious) PUFs [OSVW13] an...
متن کامللبخوانی: روش جدید احراز هویت در برنامههای کاربردی گوشیهای تلفن همراه اندروید
Today, mobile phones are one of the first instruments every individual person interacts with. There are lots of mobile applications used by people to achieve their goals. One of the most-used applications is mobile banks. Security in m-bank applications is very important, therefore modern methods of authentication is required. Most of m-bank applications use text passwords which can be stolen b...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2012 شماره
صفحات -
تاریخ انتشار 2012