Public-key cryptography and password protocols
CCS '98 Proceedings of the 5th ACM conference on Computer and communications security
Public-key cryptography and password protocols
ACM Transactions on Information and System Security (TISSEC)
Secure password-based cipher suite for TLS
ACM Transactions on Information and System Security (TISSEC)
A note on proactive password checking
Proceedings of the 2001 workshop on New security paradigms
Elliptic Curve Based Password Authenticated Key Exchange Protocols
ACISP '01 Proceedings of the 6th Australasian Conference on Information Security and Privacy
Over the Air Service Provisioning
SAC '98 Proceedings of the Selected Areas in Cryptography
Session-Key Generation Using Human Passwords Only
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Password-Authenticated Key Exchange Based on RSA
ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Extended Password Key Exchange Protocols Immune to Dictionary Attacks
WET-ICE '97 Proceedings of the 6th Workshop on Enabling Technologies on Infrastructure for Collaborative Enterprises
Password authenticated key exchange using hidden smooth subgroups
Proceedings of the 12th ACM conference on Computer and communications security
Security analysis of a password-based authentication protocol proposed to IEEE 1363
Theoretical Computer Science
A framework for password-based authenticated key exchange1
ACM Transactions on Information and System Security (TISSEC)
PDM: a new strong password-based protocol
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
PDM: a new strong password-based protocol
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
A future-adaptive password scheme
ATEC '99 Proceedings of the annual conference on USENIX Annual Technical Conference
Protocols for purpose-restricted anonymous communications in IP-based wireless networks
Computer Communications
Practical Password-Based Authenticated Key Exchange Protocol
Computational Intelligence and Security
Weakness in a RSA-based password authenticated key exchange protocol
Information Processing Letters
A Secure Authenticated Key Exchange Protocol for Credential Services
IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
RSA-Based Password-Authenticated Key Exchange, Revisited
IEICE - Transactions on Information and Systems
Efficient and secure authenticated key exchange using weak passwords
Journal of the ACM (JACM)
Cryptanalysis of some improved password-authenticated key exchange schemes
Computer Communications
ID-Based Group Password-Authenticated Key Exchange
IWSEC '09 Proceedings of the 4th International Workshop on Security: Advances in Information and Computer Security
Password Authenticated Key Exchange Based on RSA in the Three-Party Settings
ProvSec '09 Proceedings of the 3rd International Conference on Provable Security
Provably secure password-authenticated key exchange using Diffie-Hellman
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
A framework for password-based authenticated key exchange
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Computationally-efficient password authenticated key exchange based on quadratic residues
INDOCRYPT'07 Proceedings of the cryptology 8th international conference on Progress in cryptology
Repairing the bluetooth pairing protocol
Proceedings of the 13th international conference on Security protocols
Faster and shorter password-authenticated key exchange
TCC'08 Proceedings of the 5th conference on Theory of cryptography
Wireless Personal Communications: An International Journal
Password based key exchange protocols on elliptic curves which conceal the public parameters
ACNS'10 Proceedings of the 8th international conference on Applied cryptography and network security
J-PAKE: authenticated key exchange without PKI
Transactions on computational science XI
Password authenticated key exchange by juggling
Security'08 Proceedings of the 16th International conference on Security protocols
Provably secure three-party password-based authenticated key exchange protocol
Information Sciences: an International Journal
An authentication and key exchange protocol for secure credential services
ISC'06 Proceedings of the 9th international conference on Information Security
Secure sessions from weak secrets
Proceedings of the 11th international conference on Security Protocols
Password-based encryption analyzed
ICALP'05 Proceedings of the 32nd international conference on Automata, Languages and Programming
Cryptanalysis of an improved client-to-client password-authenticated key exchange (C2C-PAKE) scheme
ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
A lower-bound of complexity for RSA-Based password-authenticated key exchange
EuroPKI'05 Proceedings of the Second European conference on Public Key Infrastructure
Threshold password-based authenticated group key exchange in gateway-oriented setting
ISPEC'10 Proceedings of the 6th international conference on Information Security Practice and Experience
A method for making password-based key exchange resilient to server compromise
CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
Efficient password-authenticated key exchange based on RSA
CT-RSA'07 Proceedings of the 7th Cryptographers' track at the RSA conference on Topics in Cryptology
Perfectly secure password protocols in the bounded retrieval model
TCC'06 Proceedings of the Third conference on Theory of Cryptography
Security analysis and enhancement for three-party password-based authenticated key exchange protocol
Security and Communication Networks
Key agreement in ad hoc networks
Computer Communications
A secure DRM framework for user's domain and key management
ATC'07 Proceedings of the 4th international conference on Autonomic and Trusted Computing
Composition of password-based protocols
Formal Methods in System Design
Hi-index | 0.00 |
Abstract: Encrypted Key Exchange (EKE) (S. Bellovin and M. Merritt, 1992; 1993) allows two parties sharing a password to exchange authenticated information over an insecure network by using a combination of public and secret key cryptography. EKE promises security against active attacks and dictionary attacks. Other secure protocols have been proposed based on the use of randomized confounders (L. Gong et al., 1993). We use some basic results from number theory to present password guessing attacks on all versions of EKE discussed in the paper (S. Bellovin and M. Merritt, 1992) and we also offer countermeasures to the attacks. However for the RSA version of EKE, we show that simple modifications are not enough to rescue the protocol. Attacks are also presented on half encrypted versions of EKE. We also show how randomized confounders cannot protect Direct Authentication Protocol and Secret Public Key Protocol versions of a secure password scheme from attacks. We discuss why these attacks are possible against seemingly secure protocols and what is necessary to make secure protocols.