In this paper, we show how to design an efficient, provably secure password-based authenticated key exchange mechanism specifically for the TLS (Transport Layer Security) protocol. The goal is to provide a technique that allows users to employ (short) passwords to securely identify themselves to servers. As our main contribution, we describe a new password-based technique for user authentication in TLS, called Simple Open Key Exchange (SOKE). Loosely speaking, the SOKE ciphersuites are unauthenticated Diffie-Hellman ciphersuites in which the client's Diffie-Hellman ephemeral public value is encrypted using a simple mask generation function. The mask is simply a constant value raised to the power of (a hash of) the password. Compared with previous password-based authentication ciphersuites for TLS, the SOKE ciphersuites combine the following features. First, SOKE has formal security arguments; the proof of security, based on the computational Diffie-Hellman assumption, is in the random oracle model and holds for concurrent executions and for arbitrarily large password dictionaries. Second, SOKE is computationally efficient; in particular, it only needs operations in a sufficiently large prime-order subgroup for its Diffie-Hellman computations (no safe primes). Third, SOKE provides good protocol flexibility, because the user identity and password are only required once a SOKE ciphersuite has actually been negotiated and the server has sent a server identity.
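As an added example (not code from the paper), the masking step described above worked through in Python: the client multiplies its ephemeral g^x by a constant U raised to a hash of the password, the server strips the mask with its own copy of the password, and both sides finish an ordinary Diffie-Hellman exchange inside a prime-order subgroup of a non-safe prime. The group parameters, the constant U and the password-to-exponent hash are assumptions chosen for illustration.

```python
import hashlib
import secrets
# Toy group (constructed here, not the paper's parameters): p = 2**127 - 1 is prime and
# q = 77158673929 is a prime factor of p - 1; p is not a safe prime, which SOKE permits.
P, Q = 2**127 - 1, 77158673929
COFACTOR = (P - 1) // Q

def subgroup_element(seed: int) -> int:
    """Map an integer into the order-q subgroup (skipping seeds that give 1)."""
    while (h := pow(seed, COFACTOR, P)) == 1:
        seed += 1
    return h

G = subgroup_element(3)  # Diffie-Hellman generator of the order-q subgroup
# Mask base U: a subgroup element whose discrete log to base G is unknown (assumed).
U = subgroup_element(int.from_bytes(hashlib.sha256(b"SOKE mask base").digest(), "big"))

def mask(password: bytes) -> int:
    """SOKE mask: constant U raised to a hash of the password (hash choice assumed)."""
    return pow(U, 1 + int.from_bytes(hashlib.sha256(password).digest(), "big") % (Q - 1), P)

def in_subgroup(v: int) -> bool:
    return 1 < v < P and pow(v, Q, P) == 1  # rejects 1 and non-subgroup values

def session_key(x_star: int, y_pub: int, shared: int) -> bytes:
    return hashlib.sha256(b"%d|%d|%d" % (x_star, y_pub, shared)).digest()

def client_hello(password: bytes):
    """Client keeps x and sends the masked ephemeral X* = g^x * mask(pw)."""
    x = 1 + secrets.randbelow(Q - 1)
    return x, pow(G, x, P) * mask(password) % P

def server_respond(x_star: int, password: bytes):
    """Server strips the mask with its copy of the password, replies Y = g^y."""
    x_pub = x_star * pow(mask(password), -1, P) % P
    if not in_subgroup(x_pub):
        raise ValueError("client value outside the prime-order subgroup")
    y = 1 + secrets.randbelow(Q - 1)
    y_pub = pow(G, y, P)
    return y_pub, session_key(x_star, y_pub, pow(x_pub, y, P))

def client_finish(x: int, x_star: int, y_pub: int) -> bytes:
    if not in_subgroup(y_pub):
        raise ValueError("server value outside the prime-order subgroup")
    return session_key(x_star, y_pub, pow(y_pub, x, P))

def run_soke(client_pw: bytes, server_pw: bytes):
    x, x_star = client_hello(client_pw)
    y_pub, server_key = server_respond(x_star, server_pw)
    return client_finish(x, x_star, y_pub), server_key
```

Because U lies in the subgroup, unmasking X* under any candidate password yields a valid-looking subgroup element, so a password guess can only be tested online by a key mismatch, not offline against the transcript.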