Reducing risks from poorly chosen keys
SOSP '89 Proceedings of the twelfth ACM symposium on Operating systems principles
Authentication and authenticated key exchanges
Designs, Codes and Cryptography
Entity authentication and key distribution
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Provably secure session key distribution: the three party case
STOC '95 Proceedings of the twenty-seventh annual ACM symposium on Theory of computing
STOC '98 Proceedings of the thirtieth annual ACM symposium on Theory of computing
Public-key cryptography and password protocols: the multi-user case
CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
Public-key cryptography and password protocols
ACM Transactions on Information and System Security (TISSEC)
More Efficient Password-Authenticated Key Exchange
CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
Systematic Design of Two-Party Authentication Protocols
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Efficient cryptographic protocols preventing "man-in-the-middle" attacks
Authenticated key exchange secure against dictionary attacks
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Provably secure password-authenticated key exchange using Diffie-Hellman
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Security proofs for an efficient password-based key exchange
Proceedings of the 10th ACM conference on Computer and communications security
Provably secure password-based authentication in TLS
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Fortifying password authentication in integrated healthcare delivery systems
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Strong password-based authentication in TLS using the three-party group Diffie-Hellman protocol
International Journal of Security and Networks
Provably secure browser-based user-aware mutual authentication over TLS
Proceedings of the 2008 ACM symposium on Information, computer and communications security
Provably Secure N-Party Authenticated Key Exchange in the Multicast DPWA Setting
Information Security and Cryptology
A Framework for Authenticated Key Exchange in the Standard Model
ISPEC '09 Proceedings of the 5th International Conference on Information Security Practice and Experience
User-aware provably secure protocols for browser-based mutual authentication
International Journal of Applied Cryptography
nPAKE+: a tree-based group password-authenticated key exchange protocol using different passwords
Journal of Computer Science and Technology
Efficient and secure authenticated key exchange using weak passwords
Journal of the ACM (JACM)
ID-Based Group Password-Authenticated Key Exchange
IWSEC '09 Proceedings of the 4th International Workshop on Security: Advances in Information and Computer Security
Analysing Password Protocol Security Against Off-line Dictionary Attacks
Electronic Notes in Theoretical Computer Science (ENTCS)
(Password) authenticated key establishment: from 2-party to group
TCC'07 Proceedings of the 4th conference on Theory of cryptography
nPAKE+: a hierarchical group password-authenticated key exchange protocol using different passwords
ICICS'07 Proceedings of the 9th international conference on Information and communications security
Password-authenticated session-key generation on the internet in the plain model
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
SCN'10 Proceedings of the 7th international conference on Security and cryptography for networks
Provably secure three-party password-based authenticated key exchange protocol
Information Sciences: an International Journal
A scalable password-based group key exchange protocol in the standard model
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
One-Time verifier-based encrypted key exchange
PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
Efficient and leakage-resilient authenticated key transport protocol based on RSA
ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
Secure remote authentication using biometric data
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
One-Round protocol for two-party verifier-based password-authenticated key exchange
CMS'06 Proceedings of the 10th IFIP TC-6 TC-11 international conference on Communications and Multimedia Security
Provably-Secure two-round password-authenticated group key exchange in the standard model
IWSEC'06 Proceedings of the 1st international conference on Security
Security analysis and enhancement for three-party password-based authenticated key exchange protocol
Security and Communication Networks
Multifactor authenticated key renewal
INTRUST'11 Proceedings of the Third international conference on Trusted Systems
Efficient password-based authenticated key exchange without public information
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Password-only authenticated key exchange (PAKE) protocols are designed to be secure even when users choose short, easily guessed passwords. Security requires, in particular, that the protocol cannot be broken by an off-line dictionary attack, in which an adversary enumerates all possible passwords in an attempt to determine the correct one from previously observed transcripts. Recently, provably secure PAKE protocols were given in the idealized random oracle/ideal cipher models [2,8,19] and in the standard model, based either on general assumptions [11] or on the DDH assumption [14]. The latter protocol (the KOY protocol) is currently the only known practical solution based on standard assumptions. However, only a proof of basic security for this protocol has appeared. In the basic setting the adversary is assumed not to corrupt clients (thereby learning their passwords) or servers (thereby modifying the stored password values). Simplifying and unifying previous work, we present a natural definition of security that incorporates the more challenging requirement of forward secrecy. We then demonstrate via an explicit attack that the KOY protocol as originally presented is not secure under this definition. This provides the first natural example showing that forward secrecy is a strictly stronger requirement for PAKE protocols. Finally, we present a slight modification of the KOY protocol which prevents the attack and, as the main technical contribution of this paper, rigorously prove that the modified protocol achieves forward secrecy.
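As an added illustration (not code from the paper, and not the KOY protocol), the two constructed toy protocols below make the abstract's two adversary notions concrete: a passive off-line dictionary attack that enumerates candidate passwords against one captured transcript, and client corruption, where the attacker later learns the password and tries to recover an earlier session key. Protocol A keys its authenticator and session key directly from the password, so its transcript is a password oracle and leaks every past key once the password is known. Protocol B runs an ephemeral Diffie-Hellman exchange and folds the password only into the key derivation, so a passive eavesdropper gets neither. The names `protocol_a`/`protocol_b`, the candidate-password list and the Diffie-Hellman parameters (`P`, `G`) are all assumptions made for this example; the group is illustrative, not a vetted one.

```python
import hashlib
import hmac
import os
import secrets

# Constructed candidate-password list standing in for an attacker's dictionary.
DICTIONARY = ["123456", "password", "letmein", "qwerty", "hunter2", "dragon"]

# Toy Diffie-Hellman parameters: illustrative only (assumption), not a vetted group.
P = 2**255 - 19
G = 2


def H(*parts: bytes) -> bytes:
    """Length-prefixed SHA-256 over the parts, so (a, b) and (a||b) cannot collide."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()


def public_values(transcript: dict) -> list:
    """Everything a passive eavesdropper sees, except the confirmation tag itself."""
    return [v for name, v in transcript.items() if name != "tag"]


def protocol_a(password: str):
    """Toy protocol A: challenge/response keyed directly by the password.
    Client -> Server: nc;  Server -> Client: ns;  Client -> Server: tag.
    Returns (public transcript, session key); both parties derive the same key."""
    pw = password.encode()
    nc, ns = os.urandom(16), os.urandom(16)
    tag = hmac.new(pw, nc + ns, hashlib.sha256).digest()
    session_key = H(pw, nc, ns)
    return {"nc": nc, "ns": ns, "tag": tag}, session_key


def protocol_b(password: str):
    """Toy protocol B: ephemeral Diffie-Hellman, password folded into key derivation.
    Client -> Server: g^x;  Server -> Client: g^y;  Client -> Server: tag.
    Returns (public transcript, session key)."""
    pw = password.encode()
    x = secrets.randbelow(P - 2) + 1
    y = secrets.randbelow(P - 2) + 1
    gx = pow(G, x, P).to_bytes(32, "big")
    gy = pow(G, y, P).to_bytes(32, "big")
    k_client = pow(int.from_bytes(gy, "big"), x, P).to_bytes(32, "big")
    k_server = pow(int.from_bytes(gx, "big"), y, P).to_bytes(32, "big")
    assert k_client == k_server  # both sides hold g^{xy}; the eavesdropper does not
    session_key = H(pw, gx, gy, k_client)
    tag = hmac.new(session_key, b"confirm" + gx + gy, hashlib.sha256).digest()
    return {"gx": gx, "gy": gy, "tag": tag}, session_key


def attacker_tag_a(candidate: bytes, pub: list) -> bytes:
    """What an eavesdropper can recompute for protocol A: the tag depends only on
    the candidate password and the public nonces, so each guess is testable."""
    return hmac.new(candidate, b"".join(pub), hashlib.sha256).digest()


def attacker_tag_b(candidate: bytes, pub: list) -> bytes:
    """Best an eavesdropper can do for protocol B: it lacks g^{xy}, so it can only
    key the tag from public values, which never reproduces the real tag."""
    return hmac.new(H(candidate, *pub), b"confirm" + b"".join(pub), hashlib.sha256).digest()


def offline_dictionary_attack(transcript: dict, dictionary: list, rebuild_tag):
    """Passive off-line attack: enumerate the dictionary against one captured
    transcript with no further interaction. Returns the password or None."""
    pub = public_values(transcript)
    for cand in dictionary:
        if hmac.compare_digest(rebuild_tag(cand.encode(), pub), transcript["tag"]):
            return cand
    return None


def key_after_client_corruption(transcript: dict, password: str) -> bytes:
    """Forward-secrecy check: the attacker later learns the password (client
    corruption) and recomputes a stored session's key from public values only."""
    return H(password.encode(), *public_values(transcript))


def demo(password: str = "hunter2") -> dict:
    """Run both protocols once and report what a passive attacker achieves."""
    ta, ka = protocol_a(password)
    tb, kb = protocol_b(password)
    return {
        "A_password_recovered": offline_dictionary_attack(ta, DICTIONARY, attacker_tag_a) == password,
        "A_old_key_recovered": key_after_client_corruption(ta, password) == ka,
        "B_password_recovered": offline_dictionary_attack(tb, DICTIONARY, attacker_tag_b) == password,
        "B_old_key_recovered": key_after_client_corruption(tb, password) == kb,
    }


if __name__ == "__main__":
    print(demo())  # {'A_password_recovered': True, 'A_old_key_recovered': True,
                   #  'B_password_recovered': False, 'B_old_key_recovered': False}
```

Protocol B is deliberately not a PAKE: an active adversary who impersonates the server chooses y itself, knows g^{xy}, and can then run the same enumeration off-line against the client's tag. Closing that gap for active adversaries, without relying on public keys or random oracles, is what constructions such as the KOY protocol provide; the example only separates the two properties the abstract distinguishes, resistance to off-line attack on observed transcripts and forward secrecy under later password disclosure.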