Secure password-based authenticated key exchange for web services

Authors:
Liang Fang;Samuel Meder;Olivier Chevassut;Frank Siebenlist
Affiliations:
Indiana University;University of Chicago;Lawrence Berkeley National Laboratory;Argonne National Laboratory
Venue:
SWS '04 Proceedings of the 2004 workshop on Secure web service
Year:
2004

Citing 7
Cited 4

Computational grids

The grid
Security for Grid Services

HPDC '03 Proceedings of the 12th IEEE International Symposium on High Performance Distributed Computing
An Online Credential Repository for the Grid: MyProxy

HPDC '01 Proceedings of the 10th IEEE International Symposium on High Performance Distributed Computing
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks

SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Security proofs for an efficient password-based key exchange

Proceedings of the 10th ACM conference on Computer and communications security
Performance Comparison of Security Mechanisms for Grid Services

GRID '04 Proceedings of the 5th IEEE/ACM International Workshop on Grid Computing
One-Time verifier-based encrypted key exchange

PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography

Provably secure password-based authentication in TLS

ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
A Secure Authenticated Key Exchange Protocol for Credential Services

IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
One-time-password-authenticated key exchange

ACISP'10 Proceedings of the 15th Australasian conference on Information security and privacy
One-Time verifier-based encrypted key exchange

PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper discusses an implementation of an authenticated key-exchange method rendered on message primitives defined in the WS-Trust and WS-SecureConversation specifications. This IEEE-specified cryptographic method (AuthA) is proven-secure for password-based authentication and key exchange, while the WS-Trust and WS-SecureConversation are emerging Web Services Security specifications that extend the WS-Security specification. A prototype of the presented protocol is integrated in the WS-ResourceFramework-compliant Globus Toolkit V4. Further hardening of the implementation is expected to result in a version that will be shipped with future Globus Toolkit releases. This could help address the current unavailability of decent shared-secret-based authentication options in the Web Services and Grid world. Future work will be to integrate One-Time-Password (OTP) features in the authentication protocol.