ACSW '07 Proceedings of the fifth Australasian symposium on ACSW frontiers - Volume 68
Halting password puzzles: hard-to-break encryption from human-memorable keys
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
HPAKE: Password Authentication Secure against Cross-Site User Impersonation
CANS '09 Proceedings of the 8th International Conference on Cryptology and Network Security
An efficient password-only two-server authenticated key exchange system
ICICS'07 Proceedings of the 9th international conference on Information and communications security
A secure dynamic identity based authentication protocol for multi-server architecture
Journal of Network and Computer Applications
Password-protected secret sharing
Proceedings of the 18th ACM conference on Computer and communications security
Ideal secret sharing schemes with share selectability
ICICS'11 Proceedings of the 13th international conference on Information and communications security
Two-server password-only authenticated key exchange
Journal of Computer and System Sciences
Threshold password-based authenticated group key exchange in gateway-oriented setting
ISPEC'10 Proceedings of the 6th international conference on Information Security Practice and Experience
A method for making password-based key exchange resilient to server compromise
CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
SSO password-based multi-server authentication protocol
International Journal of Communication Networks and Distributed Systems
Future Generation Computer Systems
Advanced remote user authentication protocol for multi-server architecture based on ECC
Journal of Information Security and Applications
Hi-index | 0.00 |
In most password-authenticated key exchange systems there is a single server storing password verification data. To provide some resilience against server compromise, this data typically takes the form of a one-way function of the password (and possibly a salt, or other public values) rather than the password itself. However, if the server is compromised, this password verification data can be used to perform an off-line dictionary attack on the user's password. In this paper we propose an efficient password-authenticated key exchange system involving a set of servers with known public keys, in which a certain threshold of servers must participate in the authentication of a user, and in which the compromise of any fewer than that threshold of servers does not allow an attacker to perform an off-line dictionary attack. We prove our system is secure in the random oracle model under the Decision Diffie-Hellman assumption against an attacker that may eavesdrop on, insert, delete, or modify messages between the user and servers, and that compromises fewer than that threshold of servers.