One-time-password-authenticated key exchange

Authors:
Kenneth G. Paterson;Douglas Stebila
Affiliations:
Royal Holloway, University of London, Egham, Surrey, UK;Information Security Institute, Queensland University of Technology, Brisbane, Australia
Venue:
ACISP'10 Proceedings of the 15th Australasian conference on Information security and privacy
Year:
2010

Citing 8
Cited 1

How to construct random functions

Journal of the ACM (JACM)
Random oracles are practical: a paradigm for designing efficient protocols

CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Augmented encrypted key exchange: a password-based protocol secure against dictionary attacks and password file compromise

CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks

SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Secure password-based authenticated key exchange for web services

SWS '04 Proceedings of the 2004 workshop on Secure web service
Authenticated key exchange secure against dictionary attacks

EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Provably secure password-authenticated key exchange using Diffie-Hellman

EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
One-Time verifier-based encrypted key exchange

PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography

Analysis of the SSH key exchange protocol

IMACC'11 Proceedings of the 13th IMA international conference on Cryptography and Coding

Quantified Score

Hi-index	0.00

Visualization

Abstract

To reduce the damage of phishing and spyware attacks, banks, governments, and other security-sensitive industries are deploying onetime password systems, where users have many passwords and use each password only once. If a single password is compromised, it can be only be used to impersonate the user once, limiting the damage caused. However, existing practical approaches to one-time passwords have been susceptible to sophisticated phishing attacks. We give a formal security treatment of this important practical problem. We consider the use of one-time passwords in the context of password-authenticated key exchange (PAKE), which allows for mutual authentication, session key agreement, and resistance to phishing attacks. We describe a security model for the use of one-time passwords, explicitly considering the compromise of past (and future) one-time passwords, and show a general technique for building a secure one-time-PAKE protocol from any secure PAKE protocol. Our techniques also allow for the secure use of pseudorandomly generated and time-dependent passwords.