How to construct random functions
Journal of the ACM (JACM)
Limits on the provable consequences of one-way permutations
STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
STOC '91 Proceedings of the twenty-third annual ACM symposium on Theory of computing
Authentication and authenticated key exchanges
Designs, Codes and Cryptography
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Network security: private communication in a public world
Network security: private communication in a public world
Refinement and extension of encrypted key exchange
ACM SIGOPS Operating Systems Review
Adaptively secure multi-party computation
STOC '96 Proceedings of the twenty-eighth annual ACM symposium on Theory of computing
Strong password-only authenticated key exchange
ACM SIGCOMM Computer Communication Review
STOC '98 Proceedings of the thirtieth annual ACM symposium on Theory of computing
Password authentication with insecure communication
Communications of the ACM
Handbook of Applied Cryptography
Handbook of Applied Cryptography
Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Relations Among Notions of Security for Public-Key Encryption Schemes
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Open Key Exchange: How to Defeat Dictionary Attacks Without Encrypting Public Keys
Proceedings of the 5th International Workshop on Security Protocols
Secure Applications of Low-Entropy Keys
ISW '97 Proceedings of the First International Workshop on Information Security
SKEME: a versatile secure key exchange mechanism for Internet
SNDSS '96 Proceedings of the 1996 Symposium on Network and Distributed System Security (SNDSS '96)
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Number theoretic attacks on secure password schemes
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Secure password-based cipher suite for TLS
ACM Transactions on Information and System Security (TISSEC)
Simple authenticated key agreement protocol resistant to password guessing attacks
ACM SIGOPS Operating Systems Review
Securing passwords against dictionary attacks
Proceedings of the 9th ACM conference on Computer and communications security
The Order of Encryption and Authentication for Protecting Communications (or: How Secure Is SSL?)
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
A systematic approach for encryption and authentication with fault tolerance
Computer Networks: The International Journal of Computer and Telecommunications Networking
Spy-resistant keyboard: more secure password entry on public touch screen displays
OZCHI '05 Proceedings of the 17th Australia conference on Computer-Human Interaction: Citizens Online: Considerations for Today and the Future
Performance analysis of TLS Web servers
ACM Transactions on Computer Systems (TOCS)
Fortifying password authentication in integrated healthcare delivery systems
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Security analysis of a password-based authentication protocol proposed to IEEE 1363
Theoretical Computer Science
A framework for password-based authenticated key exchange1
ACM Transactions on Information and System Security (TISSEC)
Provably secure threshold password-authenticated key exchange
Journal of Computer and System Sciences
Flicker: an execution infrastructure for tcb minimization
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
An Elliptic Curve Based Authenticated Key Agreement Protocol for Wireless Security
Computational Intelligence and Security
Password Mistyping in Two-Factor-Authenticated Key Exchange
ICALP '08 Proceedings of the 35th international colloquium on Automata, Languages and Programming, Part II
Two-factor mutual authentication based on smart cards and passwords
Journal of Computer and System Sciences
HOTSEC'08 Proceedings of the 3rd conference on Hot topics in security
Efficient and secure authenticated key exchange using weak passwords
Journal of the ACM (JACM)
Password authenticated key exchange protocols among diverse network domains
Computers and Electrical Engineering
ID-Based Group Password-Authenticated Key Exchange
IWSEC '09 Proceedings of the 4th International Workshop on Security: Advances in Information and Computer Security
Password Authenticated Key Exchange Based on RSA in the Three-Party Settings
ProvSec '09 Proceedings of the 3rd International Conference on Provable Security
Smooth Projective Hashing and Password-Based Authenticated Key Exchange from Lattices
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Analysing Password Protocol Security Against Off-line Dictionary Attacks
Electronic Notes in Theoretical Computer Science (ENTCS)
Authenticated key exchange secure against dictionary attacks
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Improved client authentication using session authentication in the internet
HSI'03 Proceedings of the 2nd international conference on Human.society@internet
Efficient and non-malleable proofs of plaintext knowledge and applications
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Provably secure threshold password-authenticated key exchange
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Forward secrecy in password-only key exchange protocols
SCN'02 Proceedings of the 3rd international conference on Security in communication networks
Faster and shorter password-authenticated key exchange
TCC'08 Proceedings of the 5th conference on Theory of cryptography
A new framework for efficient password-based authenticated key exchange
Proceedings of the 17th ACM conference on Computer and communications security
An enhanced password authenticated key agreement protocol for wireless mobile network
Inscrypt'09 Proceedings of the 5th international conference on Information security and cryptology
Rethinking about guessing attacks
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Round-optimal password-based authenticated key exchange
TCC'11 Proceedings of the 8th conference on Theory of cryptography
Trust extension as a mechanism for secure code execution on commodity computers
Trust extension as a mechanism for secure code execution on commodity computers
Formal analysis and systematic construction of two-factor authentication scheme (short paper)
ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
A simple threshold authenticated key exchange from short secrets
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Interactive diffie-hellman assumptions with applications to password-based authentication
FC'05 Proceedings of the 9th international conference on Financial Cryptography and Data Security
Two-server password-only authenticated key exchange
Journal of Computer and System Sciences
Authenticated public key distribution scheme without trusted third party
EUC'05 Proceedings of the 2005 international conference on Embedded and Ubiquitous Computing
Password-Based authenticated key exchange in the three-party setting
PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
Client authentication model using duplicated authentication server systems
AIS'04 Proceedings of the 13th international conference on AI, Simulation, and Planning in High Autonomy Systems
Two-Server password-only authenticated key exchange
ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
Simple password-based encrypted key exchange protocols
CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
Secure password authentication for keystroke dynamics
KES'05 Proceedings of the 9th international conference on Knowledge-Based Intelligent Information and Engineering Systems - Volume Part III
Universally composable password-based key exchange
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Secure protected password change scheme
MMM-ACNS'05 Proceedings of the Third international conference on Mathematical Methods, Models, and Architectures for Computer Network Security
A protocol for secure public instant messaging
FC'06 Proceedings of the 10th international conference on Financial Cryptography and Data Security
Password based server aided key exchange
ACNS'06 Proceedings of the 4th international conference on Applied Cryptography and Network Security
Key exchange using passwords and long keys
TCC'06 Proceedings of the Third conference on Theory of Cryptography
Cryptanalysis of a communication-efficient three-party password authenticated key exchange protocol
Information Sciences: an International Journal
Multifactor authenticated key renewal
INTRUST'11 Proceedings of the Third international conference on Trusted Systems
Practical yet universally composable two-server password-authenticated secret sharing
Proceedings of the 2012 ACM conference on Computer and communications security
Efficient password-based authenticated key exchange without public information
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Anonymous password-based key exchange with low resources consumption and better user-friendliness
Security and Communication Networks
NSS'12 Proceedings of the 6th international conference on Network and System Security
Single password authentication
Computer Networks: The International Journal of Computer and Telecommunications Networking
Personal and Ubiquitous Computing
Hi-index | 0.00 |
We study protocols for strong authentication and key exchange in asymmetric scenarios where the authentication server possesses ~a pair of private and public keys while the client has only a weak human-memorizable password as its authentication key. We present and analyze several simple password authentication protocols in this scenario, and show that the security of these protocols can be formally proven based on standard cryptographic assumptions. Remarkably, our analysis shows optimal resistance to off-line password guessing attacks under the choice of suitable public key encryption functions. In addition to user authentication, we describe ways to enhance these protocols to provide two-way authentication, authenticated key exchange, defense against server's compromise, and user anonymity. We complement these results with a proof that strongly indicates that public key techniques are unavoidable for password protocols that resist off-line guessing attacks. As a further contribution, we introduce the notion of public passwords that enables the use of the above protocols in situations where the client's machine does not have the means to validate the server's public key. Public passwords serve as "hand-held certificates" that the user can carry without the need for specal computing devices.