Password Mistyping in Two-Factor-Authenticated Key Exchange

Authors:
Vladimir Kolesnikov;Charles Rackoff
Affiliations:
Bell Labs, , Murray Hill, USA NJ 07974;Dept. Computer Science, University of Toronto, Canada
Venue:
ICALP '08 Proceedings of the 35th international colloquium on Automata, Languages and Programming, Part II
Year:
2008

Citing 12
Cited 2

Public-key cryptography and password protocols

ACM Transactions on Information and System Security (TISSEC)
Session-Key Generation Using Human Passwords Only

CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks

SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Reusable cryptographic fuzzy extractors

Proceedings of the 11th ACM conference on Computer and communications security
Delegation of cryptographic servers for capture-resilient devices

Distributed Computing
Authenticated key exchange secure against dictionary attacks

EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Provably secure password-authenticated key exchange using Diffie-Hellman

EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
A theoretical treatment of related-key attacks: RKA-PRPS, RKA-PRFs, and applications

EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Secure remote authentication using biometric data

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Universally composable password-based key exchange

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Robust fuzzy extractors and authenticated key agreement from close secrets

CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
Key exchange using passwords and long keys

TCC'06 Proceedings of the Third conference on Theory of Cryptography

A security enhancement and proof for authentication and key agreement (AKA)

SCN'10 Proceedings of the 7th international conference on Security and cryptography for networks
A secure and lightweight scheme for media keying in the session initiation protocol (SIP): work in progress

Principles, Systems and Applications of IP Telecommunications

Quantified Score

Hi-index	0.00

Visualization

Abstract

We study the problem of Key Exchange (KE), where authentication is two-factor and based on both electronically stored long keys and human-supplied credentials (passwords or biometrics). The latter credential has low entropy and may be adversarilymistyped. Our main contribution is the first formal treatment of mistyping in this setting.Ensuring security in presence of mistyping is subtle. We show mistyping-related limitations of previous KE definitions and constructions (of Boyen et al. [6,7,10] and Kolesnikov and Rackoff [16]).We concentrate on the practical two-factor authenticated KE setting where serversexchange keys with clients, who use short passwords (memorized) and long cryptographic keys (stored on a card). Our work is thus a natural generalization of Halevi-Krawczyk [15] and Kolesnikov-Rackoff [16]. We discuss the challenges that arise due to mistyping. We propose the first KE definitions in this setting, and formally discuss their guarantees. We present efficient KE protocols and prove their security.