Password-based authentication and key distribution protocols with perfect forward secrecy

Authors:
Hung-Min Sun;Her-Tyan Yeh
Affiliations:
Department of Computer Science, National Tsing Hua University, Hsinchu, Taiwan;Department of Computer and Communication, Southern Taiwan University of Technology, Tainan, Taiwan
Venue:
Journal of Computer and System Sciences
Year:
2006

Citing 10
Cited 1

Refinement and extension of encrypted key exchange

ACM SIGOPS Operating Systems Review
Strong password-only authenticated key exchange

ACM SIGCOMM Computer Communication Review
Using encryption for authentication in large networks of computers

Communications of the ACM
Handbook of Applied Cryptography

Handbook of Applied Cryptography
Open Key Exchange: How to Defeat Dictionary Attacks Without Encrypting Public Keys

Proceedings of the 5th International Workshop on Security Protocols
Extended Password Key Exchange Protocols Immune to Dictionary Attacks

WET-ICE '97 Proceedings of the 6th Workshop on Enabling Technologies on Infrastructure for Collaborative Enterprises
Optimal authentication protocols resistant to password guessing attacks

CSFW '95 Proceedings of the 8th IEEE workshop on Computer Security Foundations
An Adaptable and Reliable Authentication Protocol for Communication Networks

INFOCOM '97 Proceedings of the INFOCOM '97. Sixteenth Annual Joint Conference of the IEEE Computer and Communications Societies. Driving the Information Revolution
Efficient protocols secure against guessing and replay attacks

ICCCN '95 Proceedings of the 4th International Conference on Computer Communications and Networks
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks

SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy

Cryptanalysis on Sun-Yeh's password-based authentication and key distribution protocols with perfect forward secrecy

ICCCI'10 Proceedings of the Second international conference on Computational collective intelligence: technologies and applications - Volume Part II

Quantified Score

Hi-index	0.00

Visualization

Abstract

In an open networking environment, a workstation usually needs to identify its legal users for providing its services. Kerberos provides an efficient approach whereby a trusted third-party authentication server is used to verify users' identities. However, Kerberos enforces the user to use strong cryptographic secret for user authentication, and hence is insecure from password guessing attacks if the user uses a weak password for convenience. In this paper, we focus on such an environment in which the users can use easy-to-remember passwords. In addition to password guessing attacks, perfect forward secrecy (PFS in short) is another important security consideration when designing an authentication and key distribution protocol. Based on the capability of protecting the client's password, the application server's secret key, and the authentication server's private key, we define seven classes of perfect forward secrecy and focus on protocols achieving class-1, class-3, and class-7 due to their hierarchical relations. Then, we propose three secure authentication and key distribution protocols to provide perfect forward secrecy of these three classes. All these protocols are efficient in protecting poorly-chosen passwords chosen by users from guessing attacks and replay attacks.