Efficient and timely mutual authentication
ACM SIGOPS Operating Systems Review
Reducing risks from poorly chosen keys
SOSP '89 Proceedings of the twelfth ACM symposium on Operating systems principles
ACM Transactions on Computer Systems (TOCS)
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Refinement and extension of encrypted key exchange
ACM SIGOPS Operating Systems Review
Undetectable on-line password guessing attacks
ACM SIGOPS Operating Systems Review
Timestamps in key distribution protocols
Communications of the ACM
Password security: a case history
Communications of the ACM
Using encryption for authentication in large networks of computers
Communications of the ACM
UNIX Password Security - Ten Years Later
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
A Modular Approach to Key Distribution
CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
Optimal authentication protocols resistant to password guessing attacks
CSFW '95 Proceedings of the 8th IEEE workshop on Computer Security Foundations
An Adaptable and Reliable Authentication Protocol for Communication Networks
INFOCOM '97 Proceedings of the INFOCOM '97. Sixteenth Annual Joint Conference of the IEEE Computer and Communications Societies. Driving the Information Revolution
New directions in cryptography
IEEE Transactions on Information Theory
Protecting poorly chosen secrets from guessing attacks
IEEE Journal on Selected Areas in Communications
Research and Realization of Authentication Technique Based on OTP and Kerberos
HPCASIA '05 Proceedings of the Eighth International Conference on High-Performance Computing in Asia-Pacific Region
Remote authentication with forward security
ATC'06 Proceedings of the Third international conference on Autonomic and Trusted Computing
Hi-index | 0.24 |
We propose authentication and key exchange protocols which are both efficient and secure against password guessing attacks. Conventional authentication protocols have assumed that a strong secret should be shared between communicating participants, in the light of a threat of guessing attacks. A cryptographically long secret would be favored for security reasons, but it is not suitable for users to remember. Recent password-based protocols to defeat guessing attacks are more expensive than previous ones, in terms of the computation and communication costs. Using a one-time pad and a strong one-way hash function, we promote both security and efficiency. Thereby, we also verify our protocol formally.