Strong password-only authenticated key exchange
ACM SIGCOMM Computer Communication Review
Public-key cryptography and password protocols
ACM Transactions on Information and System Security (TISSEC)
Secure password-based cipher suite for TLS
ACM Transactions on Information and System Security (TISSEC)
Handbook of Applied Cryptography
Handbook of Applied Cryptography
Elliptic Curve Based Password Authenticated Key Exchange Protocols
ACISP '01 Proceedings of the 6th Australasian Conference on Information Security and Privacy
Ciphers with Arbitrary Finite Domains
CT-RSA '02 Proceedings of the The Cryptographer's Track at the RSA Conference on Topics in Cryptology
Open Key Exchange: How to Defeat Dictionary Attacks Without Encrypting Public Keys
Proceedings of the 5th International Workshop on Security Protocols
A Key Recovery Attack on Discrete Log-based Schemes Using a Prime Order Subgroupp
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Number theoretic attacks on secure password schemes
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Security proofs for an efficient password-based key exchange
Proceedings of the 10th ACM conference on Computer and communications security
On diffie-hellman key agreement with short exponents
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Authenticated key exchange secure against dictionary attacks
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Provably secure password-authenticated key exchange using Diffie-Hellman
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
J-PAKE: authenticated key exchange without PKI
Transactions on computational science XI
Password authenticated key exchange by juggling
Security'08 Proceedings of the 16th International conference on Security protocols
Hi-index | 5.23 |
In recent years, several protocols for password-based authenticated key exchange have been proposed. These protocols aim to be secure even though the sample space of passwords may be small enough to be enumerated by an off-line adversary. In Eurocrypt 2000, Bellare, Pointcheval and Rogaway (BPR) presented a model and security definition for authenticated key exchange. They claimed that in the ideal-cipher model (random oracles), the two-flow protocol at the core of Encrypted Key Exchange (EKE) is secure. Bellare and Rogaway suggested several instantiations of the ideal cipher in their proposal to the IEEE P1363.2 working group. Since then there has been an increased interest in proving the security of password-based protocols in the ideal-cipher model. For example, Bresson, Chevassut, and Pointcheval have recently showed that the One-Encryption-Key-Exchange (OEKE) protocol is secure in the ideal cipher model. In this paper, we present examples of real (NOT ideal) ciphers (including naive implementations of the instantiations proposed to IEEE P1363.2) that would result in broken instantiations of the idealised AuthA protocol and OEKE protocol. Our result shows that the AuthA protocol can be instantiated in an insecure way, and that there are no well defined (let alone rigorous) ways to distinguish between secure and insecure instantiations. Thus, without a rigorous metric for ideal-ciphers, the value of provable security in ideal cipher model is limited.