Refinement and extension of encrypted key exchange
ACM SIGOPS Operating Systems Review
Strong password-only authenticated key exchange
ACM SIGCOMM Computer Communication Review
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Open Key Exchange: How to Defeat Dictionary Attacks Without Encrypting Public Keys
Proceedings of the 5th International Workshop on Security Protocols
Optimal authentication protocols resistant to password guessing attacks
CSFW '95 Proceedings of the 8th IEEE workshop on Computer Security Foundations
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Number theoretic attacks on secure password schemes
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
On diffie-hellman key agreement with short exponents
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Secure password-based cipher suite for TLS
ACM Transactions on Information and System Security (TISSEC)
Simple authenticated key agreement protocol resistant to password guessing attacks
ACM SIGOPS Operating Systems Review
Security Enhancement for the "Simple Authentication Key Agreement Algorithm"
COMPSAC '00 24th International Computer Software and Applications Conference
Password Authentication Using Multiple Servers
CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
More Efficient Password-Authenticated Key Exchange
CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
Password-Authenticated Key Exchange Based on RSA
ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Cryptanalysis of Microsoft's PPTP Authentication Extensions (MS-CHAPv2)
Proceedings of the International Exhibition and Congress on Secure Networking - CQRE (Secure) '99
Password-based user authentication and key distribution protocols for client-server applications
Journal of Systems and Software
Secure key agreement protocols for three-party against guessing attacks
Journal of Systems and Software - Special issue: Software engineering education and training
Efficient authenticated key agreement protocols resistant to a denial-of-service attack
International Journal of Network Management
Password authenticated key exchange using hidden smooth subgroups
Proceedings of the 12th ACM conference on Computer and communications security
Proceedings of the 43rd annual Southeast regional conference - Volume 2
Password-based authentication and key distribution protocols with perfect forward secrecy
Journal of Computer and System Sciences
Potential weaknesses of AuthA password-authenticated key agreement protocols
Computer Standards & Interfaces
PDM: a new strong password-based protocol
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
PDM: a new strong password-based protocol
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
ACSW '07 Proceedings of the fifth Australasian symposium on ACSW frontiers - Volume 68
A server-aided signature scheme for mobile commerce
IWCMC '07 Proceedings of the 2007 international conference on Wireless communications and mobile computing
Secure Password Authentication for Distributed Computing
Computational Intelligence and Security
Practical Password-Based Authenticated Key Exchange Protocol
Computational Intelligence and Security
Anonymous and Transparent Gateway-Based Password-Authenticated Key Exchange
CANS '08 Proceedings of the 7th International Conference on Cryptology and Network Security
A novel software key container in on-line media services
Computers and Electrical Engineering
Communication-efficient three-party protocols for authentication and key agreement
Computers & Mathematics with Applications
Very-Efficient Anonymous Password-Authenticated Key Exchange and Its Extensions
AAECC-18 '09 Proceedings of the 18th International Symposium on Applied Algebra, Algebraic Algorithms and Error-Correcting Codes
nPAKE+: a tree-based group password-authenticated key exchange protocol using different passwords
Journal of Computer Science and Technology
Efficient and secure authenticated key exchange using weak passwords
Journal of the ACM (JACM)
Password authenticated key exchange protocols among diverse network domains
Computers and Electrical Engineering
Password Authenticated Key Exchange Based on RSA in the Three-Party Settings
ProvSec '09 Proceedings of the 3rd International Conference on Provable Security
Authenticated key exchange secure against dictionary attacks
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Provably secure password-authenticated key exchange using Diffie-Hellman
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
EPA: an efficient password-based protocol for authenticated key exchange
ACISP'03 Proceedings of the 8th Australasian conference on Information security and privacy
nPAKE+: a hierarchical group password-authenticated key exchange protocol using different passwords
ICICS'07 Proceedings of the 9th international conference on Information and communications security
Repairing the bluetooth pairing protocol
Proceedings of the 13th international conference on Security protocols
J-PAKE: authenticated key exchange without PKI
Transactions on computational science XI
Password authenticated key exchange by juggling
Security'08 Proceedings of the 16th International conference on Security protocols
Password based key exchange with mutual authentication
SAC'04 Proceedings of the 11th international conference on Selected Areas in Cryptography
Security analysis of secure password authentication for keystroke dynamics
KES'06 Proceedings of the 10th international conference on Knowledge-Based Intelligent Information and Engineering Systems - Volume Part I
On the security of some password-based key agreement schemes
CIS'05 Proceedings of the 2005 international conference on Computational Intelligence and Security - Volume Part II
Security analysis of password-authenticated key agreement protocols
CANS'05 Proceedings of the 4th international conference on Cryptology and Network Security
ICN'05 Proceedings of the 4th international conference on Networking - Volume Part II
Secure password authentication for keystroke dynamics
KES'05 Proceedings of the 9th international conference on Knowledge-Based Intelligent Information and Engineering Systems - Volume Part III
A method for making password-based key exchange resilient to server compromise
CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
One-Round protocol for two-party verifier-based password-authenticated key exchange
CMS'06 Proceedings of the 10th IFIP TC-6 TC-11 international conference on Communications and Multimedia Security
Key agreement in ad hoc networks
Computer Communications
BetterAuth: web authentication revisited
Proceedings of the 28th Annual Computer Security Applications Conference
| Hi-index | 0.00 |
Abstract: Strong password methods verify even small passwords over a network without additional stored keys or certificates with the user, and without fear of network dictionary attack. We describe a new extension to further limit exposure to theft of a stored password-verifier, and apply it to several protocols including the Simple Password Exponential Key Exchange (SPEKE). Alice proves knowledge of a password C to Bob, who has a stored verifier S, where S=g/sup C/ mod p. They perform a SPEKE exchange based on the shared secret S to derive ephemeral shared key K/sub 1/. Bob chooses a random X and sends g/sup X/ mod p. Alice computes K=g/sup XC/ mod p, and proves knowledge of {K/sub 1/,K/sub 2/}. Bob verifies this result to confirm that Alice knows C. Implementation issues are summarized, showing the potential for improved performance over Bellovin and Merritt's comparably strong Augmented-Encrypted Key Exchange. These methods make the password a strong independent factor in authentication, and are suitable for both Internet and intranet use.