Strong password-only authenticated key exchange
ACM SIGCOMM Computer Communication Review
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Computer
Proceedings of the International Workshop on Security Protocols
Protocol Interactions and the Chosen Protocol Attack
Proceedings of the 5th International Workshop on Security Protocols
Open Key Exchange: How to Defeat Dictionary Attacks Without Encrypting Public Keys
Proceedings of the 5th International Workshop on Security Protocols
Optimal authentication protocols resistant to password guessing attacks
CSFW '95 Proceedings of the 8th IEEE workshop on Computer Security Foundations
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Number theoretic attacks on secure password schemes
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Multi-channel key agreement using encrypted public key exchange
Proceedings of the 15th international conference on Security protocols
“Fair” authentication in pervasive computing
MADNES'05 Proceedings of the First international conference on Secure Mobile Ad-hoc Networks and Sensors
Auditable anonymous delegation
ICISS'05 Proceedings of the First international conference on Information Systems Security
Hi-index | 0.00 |
Sometimes two parties who already share a weak secret k such as a password wish to share also a strong secret s such as a session key without revealing information about k to an active attacker. We assume that both parties can generate strong random numbers and forget secrets, and present new protocols for secure strong secret sharing, based on RSA, Diffie-Hellman, and El-Gamal. As well as being simpler and quicker than their predecessors, our protocols also have stronger security properties. In particular, our protocols make no cryptographic use of s and so do not impose subtle restrictions upon the use which is subsequently made of s by other protocols. Neither do we rely upon the existence of hash functions with serendipitous properties. In the course of presenting these protocols, we also consider how to frustrate some new types of cryptographic and system attack.