How to construct random functions
Journal of the ACM (JACM)
Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Secure password-based authenticated key exchange for web services
SWS '04 Proceedings of the 2004 workshop on Secure web service
Authenticated key exchange secure against dictionary attacks
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Provably secure password-authenticated key exchange using Diffie-Hellman
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
One-Time verifier-based encrypted key exchange
PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
Analysis of the SSH key exchange protocol
IMACC'11 Proceedings of the 13th IMA international conference on Cryptography and Coding
Hi-index | 0.00 |
To reduce the damage of phishing and spyware attacks, banks, governments, and other security-sensitive industries are deploying onetime password systems, where users have many passwords and use each password only once. If a single password is compromised, it can be only be used to impersonate the user once, limiting the damage caused. However, existing practical approaches to one-time passwords have been susceptible to sophisticated phishing attacks. We give a formal security treatment of this important practical problem. We consider the use of one-time passwords in the context of password-authenticated key exchange (PAKE), which allows for mutual authentication, session key agreement, and resistance to phishing attacks. We describe a security model for the use of one-time passwords, explicitly considering the compromise of past (and future) one-time passwords, and show a general technique for building a secure one-time-PAKE protocol from any secure PAKE protocol. Our techniques also allow for the secure use of pseudorandomly generated and time-dependent passwords.