On simple and secure key distribution

Authors:
Gene Tsudik;Els Van Herreweghen
Affiliations:
Communications and Computer Science Department, IBM Zürich Research Laboratory, CH-8803 Rüschlikon, Switzerland;Communications and Computer Science Department, IBM Zürich Research Laboratory, CH-8803 Rüschlikon, Switzerland
Venue:
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Year:
1993

Citing 11
Cited 7

Authentication revisited

ACM SIGOPS Operating Systems Review
Using one-way functions for authentication

ACM SIGCOMM Computer Communication Review
A logic of authentication

SOSP '89 Proceedings of the twelfth ACM symposium on Operating systems principles
Message authentication with one-way hash functions

IEEE INFOCOM '92 Proceedings of the eleventh annual joint conference of the IEEE computer and communications societies on One world through communications (Vol. 3)
Entity authentication and key distribution

CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Timestamps in key distribution protocols

Communications of the ACM
A method for obtaining digital signatures and public-key cryptosystems

Communications of the ACM
Using encryption for authentication in large networks of computers

Communications of the ACM
Limitations of the Kerberos authentication system

ACM SIGCOMM Computer Communication Review
KryptoKnight Authentication and Key Distribution System

ESORICS '92 Proceedings of the Second European Symposium on Research in Computer Security
Systematic Design of Two-Party Authentication Protocols

CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology

Secure protocol transformation via “expansion”: from two-party to groups

CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
Key-Schedule Cryptoanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES

CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Scalability and Flexibility in Authentication Services: The KryptoKnight Approach

INFOCOM '97 Proceedings of the INFOCOM '97. Sixteenth Annual Joint Conference of the IEEE Computer and Communications Societies. Driving the Information Revolution
Towards designing a trusted routing solution in mobile ad hoc networks

Mobile Networks and Applications
A Unified Approach to Related-Key Attacks

Fast Software Encryption
On the existence of related-key oracles in cryptosystems based on block ciphers

OTM'06 Proceedings of the 2006 international conference on On the Move to Meaningful Internet Systems: AWeSOMe, CAMS, COMINF, IS, KSinBIT, MIOS-CIAO, MONET - Volume Part I
Key recovery attacks of practical complexity on AES-256 variants with up to 10 rounds

EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques

Quantified Score

Hi-index	0.00

Visualization

Abstract

The encrypted key exchange (EKE) protocol is augmented so that hosts do not store cleartext passwords. Consequently, adversaries who obtain the one-way encrypted password file may (i) successfully mimic (spoof) the host to the user, and (ii) mount dictionary attacks against the encrypted passwords, but cannot mimic the user to the host. Moreover, the important security properties of EKE are preserved—an active network attacker obtains insufficient information to mount dictionary attacks. Two ways to accomplish this are shown, one using digital signatures and one that relies on a family of commutative one-way functions.