Public-key cryptography and password protocols
ACM Transactions on Information and System Security (TISSEC)
Threshold Password-Authenticated Key Exchange
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Wallet Databases with Observers
CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Security proofs for an efficient password-based key exchange
Proceedings of the 10th ACM conference on Computer and communications security
Authenticated key exchange secure against dictionary attacks
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Provably secure threshold password-authenticated key exchange
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Interactive diffie-hellman assumptions with applications to password-based authentication
FC'05 Proceedings of the 9th international conference on Financial Cryptography and Data Security
Password-Based authenticated key exchange in the three-party setting
PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
Efficient verifier-based password-authenticated key exchange in the three-party setting
Computer Standards & Interfaces
Threshold cryptography based on Asmuth-Bloom secret sharing
Information Sciences: an International Journal
Recursive protocol for group-oriented authentication with key distribution
Journal of Systems and Software
Anonymous and Transparent Gateway-Based Password-Authenticated Key Exchange
CANS '08 Proceedings of the 7th International Conference on Cryptology and Network Security
Server-Controlled Identity-Based Authenticated Key Exchange
ProvSec '09 Proceedings of the 3rd International Conference on Provable Security
Simple password-based three-party authenticated key exchange without server public keys
Information Sciences: an International Journal
A logic programming based framework for security protocol verification
ISMIS'08 Proceedings of the 17th international conference on Foundations of intelligent systems
Gateway-oriented password-authenticated key exchange protocol with stronger security
ProvSec'11 Proceedings of the 5th international conference on Provable security
Enhancing the security and efficiency of 3-d secure
ISC'06 Proceedings of the 9th international conference on Information Security
Gateway-oriented password-authenticated key exchange protocol in the standard model
Journal of Systems and Software
Threshold password-based authenticated group key exchange in gateway-oriented setting
ISPEC'10 Proceedings of the 6th international conference on Information Security Practice and Experience
Hi-index | 0.00 |
This paper brings the password-based authenticated key exchange (PAKE) problem closer to practice. It takes into account the presence of firewalls when clients communicate with authentication servers. An authentication server can indeed be seen as two distinct entities, namely a gateway (which is the direct interlocutor of the client) and a back-end server (which is the only one able to check the identity of the client). The goal in this setting is to achieve both transparency and security for the client. And to achieve these goals, the most appropriate choices seem to be to keep the client’s password private even from the back-end server and use threshold-based cryptography. In this paper, we present the Threshold Password-based Authenticated Key Exchange (GTPAKE) system: GTPAKE uses a pair of public/private keys and, unlike traditional threshold-based constructions, shares only the private key among the servers. The system does no require any certification except during the registration and update of clients’ passwords since clients do not use the public-key to authenticate to the gateway. Clients only need to have their password in hand. In addition to client security, this paper also presents highly-desirable security properties such as server password protection against dishonest gateways and key privacy against curious authentication servers.