Threshold Password-Authenticated Key Exchange

Authors:
Philip MacKenzie;Thomas Shrimpton;Markus Jakobsson
Affiliations:
Bell Laboratories, Lucent Technologies, Murray Hill, NJ 07974, USA;Department of Computer Science, Portland State University, Portland, OR 97207, USA;School of Informatics, Indiana University at Bloomington, Bloomington, IN 47408, USA
Venue:
Journal of Cryptology
Year:
2006

Citing 0
Cited 13

Spelling-error tolerant, order-independent pass-phrases via the damerau-levenshtein string-edit distance metric

ACSW '07 Proceedings of the fifth Australasian symposium on ACSW frontiers - Volume 68
Halting password puzzles: hard-to-break encryption from human-memorable keys

SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
HPAKE: Password Authentication Secure against Cross-Site User Impersonation

CANS '09 Proceedings of the 8th International Conference on Cryptology and Network Security
An efficient password-only two-server authenticated key exchange system

ICICS'07 Proceedings of the 9th international conference on Information and communications security
A secure dynamic identity based authentication protocol for multi-server architecture

Journal of Network and Computer Applications
Password-protected secret sharing

Proceedings of the 18th ACM conference on Computer and communications security
Ideal secret sharing schemes with share selectability

ICICS'11 Proceedings of the 13th international conference on Information and communications security
Two-server password-only authenticated key exchange

Journal of Computer and System Sciences
Threshold password-based authenticated group key exchange in gateway-oriented setting

ISPEC'10 Proceedings of the 6th international conference on Information Security Practice and Experience
A method for making password-based key exchange resilient to server compromise

CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
SSO password-based multi-server authentication protocol

International Journal of Communication Networks and Distributed Systems
A novel multi-server remote user authentication scheme using self-certified public keys for mobile clients

Future Generation Computer Systems
Advanced remote user authentication protocol for multi-server architecture based on ECC

Journal of Information Security and Applications

Quantified Score

Hi-index	0.00

Visualization

Abstract

In most password-authenticated key exchange systems there is a single server storing password verification data. To provide some resilience against server compromise, this data typically takes the form of a one-way function of the password (and possibly a salt, or other public values) rather than the password itself. However, if the server is compromised, this password verification data can be used to perform an off-line dictionary attack on the user's password. In this paper we propose an efficient password-authenticated key exchange system involving a set of servers with known public keys, in which a certain threshold of servers must participate in the authentication of a user, and in which the compromise of any fewer than that threshold of servers does not allow an attacker to perform an off-line dictionary attack. We prove our system is secure in the random oracle model under the Decision Diffie-Hellman assumption against an attacker that may eavesdrop on, insert, delete, or modify messages between the user and servers, and that compromises fewer than that threshold of servers.