Public-key cryptography and password protocols
ACM Transactions on Information and System Security (TISSEC)
Session-Key Generation Using Human Passwords Only
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Reusable cryptographic fuzzy extractors
Proceedings of the 11th ACM conference on Computer and communications security
Delegation of cryptographic servers for capture-resilient devices
Distributed Computing
Authenticated key exchange secure against dictionary attacks
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Provably secure password-authenticated key exchange using Diffie-Hellman
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
A theoretical treatment of related-key attacks: RKA-PRPs, RKA-PRFs, and applications
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Secure remote authentication using biometric data
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Universally composable password-based key exchange
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Robust fuzzy extractors and authenticated key agreement from close secrets
CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
Key exchange using passwords and long keys
TCC'06 Proceedings of the Third conference on Theory of Cryptography
A security enhancement and proof for authentication and key agreement (AKA)
SCN'10 Proceedings of the 7th international conference on Security and cryptography for networks
Principles, Systems and Applications of IP Telecommunications
We study the problem of Key Exchange (KE), where authentication is two-factor and based on both electronically stored long keys and human-supplied credentials (passwords or biometrics). The latter credential has low entropy and may be adversarially mistyped. Our main contribution is the first formal treatment of mistyping in this setting. Ensuring security in the presence of mistyping is subtle. We show mistyping-related limitations of previous KE definitions and constructions (of Boyen et al. [6,7,10] and Kolesnikov and Rackoff [16]). We concentrate on the practical two-factor authenticated KE setting where servers exchange keys with clients, who use short passwords (memorized) and long cryptographic keys (stored on a card). Our work is thus a natural generalization of Halevi-Krawczyk [15] and Kolesnikov-Rackoff [16]. We discuss the challenges that arise due to mistyping. We propose the first KE definitions in this setting, and formally discuss their guarantees. We present efficient KE protocols and prove their security.