Using one-way functions for authentication
ACM SIGCOMM Computer Communication Review
Lower bounds on messages and rounds for network authentication protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Entity authentication and key distribution
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Session-Key Generation Using Human Passwords Only
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm
ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
A Class of Flexible and Efficient Key Management Protocols
CSFW '96 Proceedings of the 9th IEEE workshop on Computer Security Foundations
Authenticated key exchange secure against dictionary attacks
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
An extension to bellare and rogaway (1993) model: resetting compromised long-term keys
ACISP'06 Proceedings of the 11th Australasian conference on Information Security and Privacy
An extension to bellare and rogaway (1993) model: resetting compromised long-term keys
ACISP'06 Proceedings of the 11th Australasian conference on Information Security and Privacy
Hi-index | 0.00 |
A security proof in the Bellare–Rogaway model and the random oracle model is provided for a protocol closely based on one originally proposed by Boyd (1996), which enjoys some remarkable efficiency properties. The model is extended so that it can detect a known weakness of the protocol that cannot be captured in the original model. An alternative protocol is proposed, provably secure in the extended model and the random oracle model, and offering the same efficiency features as the original protocol. Moreover, our alternative protocol provides key confirmation and forward secrecy. It also allows session keys to be renewed in subsequent sessions without the server's further involvement even in the event that the long-term key or the earlier session key have been compromised.