2002, International Cryptology Conference
In most password-authenticated key exchange systems there is a single server storing password verification data. To provide some resilience against server compromise, this data typically takes the form of a one-way function of the password (and possibly a salt, or other public values), rather than the password itself. However, if the server is compromised, this password verification data can be used to perform an offline dictionary attack on the user's password. In this paper we propose an efficient password-authenticated key exchange system involving a set of servers, in which a certain threshold of servers must participate in the authentication of a user, and in which the compromise of any fewer than that threshold of servers does not allow an attacker to perform an offline dictionary attack. We prove our system is secure in the random oracle model under the Decision Diffie-Hellman assumption against an attacker that may eavesdrop on, insert, delete, or modify messages between the user and servers, and that compromises fewer than that threshold of servers.
2006
This paper considers the problem of password-authenticated key exchange (PAKE) in a client-server setting, where the server authenticates using a stored password file, and it is desirable to maintain some degree of security even if the server is compromised. A PAKE scheme is said to be resilient to server compromise if an adversary who compromises the server must at least perform an offline dictionary attack to gain any advantage in impersonating a client. (Of course, offline dictionary attacks should be infeasible in the absence of server compromise.) One can see that this is the best security possible, since by definition the password file has enough information to allow one to play the role of the server, and thus to verify passwords in an offline dictionary attack. While some previous PAKE schemes have been proven resilient to server compromise, there was no known general technique to take an arbitrary PAKE scheme and make it provably resilient to server compromise. This paper presents a practical technique for doing so which requires essentially one extra round of communication and one signature computation/verification. We prove security in the universal composability framework by (1) defining a new functionality for PAKE with resilience to server compromise, (2) specifying a protocol combining this technique with a (basic) PAKE functionality, and (3) proving (in the random oracle model) that this protocol securely realizes the new functionality.
Lecture Notes in Computer Science, 2007
At Indocrypt 2005, Viet et al. proposed an anonymous password-authenticated key exchange (PAKE) protocol and its threshold construction, both of which are designed for clients' password-based authentication and anonymity against a passive server, who does not deviate from the protocol. In this paper, we first point out that their threshold construction is completely insecure against off-line dictionary attacks. For the threshold t > 1, we propose a secure threshold anonymous PAKE (for short, TAP) protocol with the number of clients n upper-bounded such that n ≤ 2√(N − 1) − 1, where N is the dictionary size of passwords. We rigorously prove that the TAP protocol has semantic security of session keys in the random oracle model by showing the reduction to the computational Diffie-Hellman problem. In addition, the TAP protocol provides unconditional anonymity against a passive server. For the threshold t = 1, we propose an efficient anonymous PAKE protocol that significantly improves efficiency in terms of computation costs and communication bandwidth compared to the original (not threshold) anonymous PAKE protocol.
Lecture Notes in Computer Science, 2006
There has been much interest in password-authenticated key-exchange protocols which remain secure even when users choose passwords from a very small space of possible passwords (say, a dictionary of English words). Under this assumption, one must be careful to design protocols which cannot be broken using off-line dictionary attacks in which an adversary enumerates all possible passwords in an attempt to determine the correct one. Many heuristic protocols have been proposed to solve this important problem. Only recently have formal validations of security (namely, proofs in the idealized random oracle and ideal cipher models) been given for specific constructions [3, 10, 22]. Very recently, a construction based on general assumptions, secure in the standard model with human-memorable passwords, has been proposed by Goldreich and Lindell [17]. Their protocol requires no public parameters; unfortunately, it requires techniques from general multi-party computation which make it impractical. Thus, [17] only proves that solutions are possible "in principle". The main question left open by their work was finding an efficient solution to this fundamental problem. We show an efficient, 3-round, password-authenticated key exchange protocol with human-memorable passwords which is provably secure under the Decisional Diffie-Hellman assumption, yet requires only roughly 8 times more computation than "standard" Diffie-Hellman key exchange [14] (which provides no authentication at all). We assume public parameters available to all parties. We stress that we work in the standard model only, and do not require a "random oracle" assumption.
exchange underly most interactions taking place on the Internet. The importance of this primitive has been realized for some time by the security community (see [11] for exhaustive references), followed by an increasing recognition that precise definitions and formalization were needed.
The first formal treatments [4, 6, 2, 20, 9, 28, 11] were in a model in which participants already share some cryptographically-strong information: either a secret key (which can be used for encryption/authentication of messages), or a public key (which can be used for encryption/signing of messages). The setting arising most often in practice, in which human users are only capable of storing "human-memorable" passwords (password-authenticated key exchange), remains much less studied, though many heuristic protocols exist. Indeed, only recently have formal definitions of security for this setting appeared [3, 10, 22, 17].
Advances in CryptologyEurocrypt …, 2000
When designing password-authenticated key exchange protocols (as opposed to key exchange protocols authenticated using cryptographically secure keys), one must not allow any information to be leaked that would allow verification of the password (a weak shared key), since an attacker who obtains this information may be able to run an off-line dictionary attack to determine the correct password. We present a new protocol called PAK which is the first Diffie-Hellman-based password-authenticated key exchange protocol to provide a formal proof of security (in the random oracle model) against both passive and active adversaries. In addition to the PAK protocol that provides mutual explicit authentication, we also show a more efficient protocol called PPK that is provably secure in the implicit-authentication model. We then extend PAK to a protocol called PAK-X, in which one side (the client) stores a plaintext version of the password, while the other side (the server) only stores a verifier for the password. We formally prove security of PAK-X, even when the server is compromised. Our formal model for password-authenticated key exchange is new, and may be of independent interest.
A parallel file system is a type of distributed file system that distributes file data across multiple servers and provides for concurrent access by multiple tasks of a parallel application. In many-to-many communication among multiple tasks, key establishment is a major problem in a parallel file system, so we propose a variety of authenticated key exchange protocols designed to address this issue. In this paper we also study password-based protocols for authenticated key exchange (AKE) that resist dictionary attacks. Such protocols are designed to work despite the use of passwords drawn from a space so small that an attacker might well enumerate, off-line, all possible passwords. While many such protocols have been suggested, the underlying theory has been lagging. We begin by defining a model for this problem, one that addresses password guessing, forward secrecy, server compromise, and loss of session keys.
Lecture Notes in Computer Science, 2005
This paper brings the password-based authenticated key exchange (PAKE) problem closer to practice. It takes into account the presence of firewalls when clients communicate with authentication servers. An authentication server can indeed be seen as two distinct entities, namely a gateway (which is the direct interlocutor of the client) and a back-end server (which is the only one able to check the identity of the client). The goal in this setting is to achieve both transparency and security for the client. To achieve these goals, the most appropriate choices seem to be to keep the client's password private (even from the back-end server) and to use threshold-based cryptography. In this paper, we present the Gateway Threshold Password-based Authenticated Key Exchange (GTPAKE) system: GTPAKE uses a pair of public/private keys and, unlike traditional threshold-based constructions, shares only the private key among the servers. The system does not require any certification (except during the registration and update of clients' passwords), since clients do not use the public key to authenticate to the gateway. Clients only need to have their password in hand. In addition to client security, this paper also presents highly desirable security properties such as server password protection against dishonest gateways and key privacy against curious authentication servers.
IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences
In this paper, we propose a pretty simple password-authenticated key-exchange protocol which is based on the difficulty of solving the DDH problem. It has the following advantages: (1) Both y1 and y2 in our protocol are independent and thus they can be pre-computed and sent independently. This speeds up the protocol. (2) Clients and servers can use almost the same algorithm. This reduces the implementation costs without admitting replay attacks or the abuse of entities as oracles.
Password-based protocols for authenticated key exchange (AKE) are designed to work despite the use of passwords drawn from a space so small that an adversary might well enumerate, off-line, all possible passwords. While several such protocols have been suggested, the underlying theory has been lagging. We begin by defining a model for this problem, one rich enough to deal with password guessing, forward secrecy, server compromise, and loss of session keys. The one model can be used to define various goals. We take AKE with "implicit" authentication as the "basic" goal, and we give definitions for it, and for entity-authentication goals as well. Then we prove correctness for the idea at the center of the Encrypted Key-Exchange (EKE) protocol of Bellovin and Merritt: we prove security, in an ideal-cipher model, of the two-flow protocol at the core of EKE.
security analysis. This protocol problem has become quite popular, with further papers suggesting solutions (including [7, 10, 11, 15, 18, 21, 22]). The reason for this interest is simple: password-guessing attacks are a common avenue for breaking into systems, and here is a domain where good cryptographic protocols can help.
Contributions. Our first goal was to find an approach to help manage the complexity of definitions and proofs in this domain. We start with the model and definitions of Bellare and Rogaway [4] and modify or extend them appropriately. The model can be used to define the execution of authentication and key-exchange protocols in many different settings. We specify the model in pseudocode, not only in English, so as to provide succinct and unambiguous execution semantics. The model is used to define the ideas of proper partnering, freshness of session keys, and measures of security for authenticated key exchange, unilateral authentication, and mutual authentication.
Some specific features of our approach are: partnering via session IDs (an old idea of Bellare, Petrank, Rackoff, and Rogaway; see Remark 1); a distinction between accepting a key and terminating; incorporation of a technical correction to [4] concerning Test queries (this arose from a counter-example by Rackoff; see Remark 5); providing the adversary a separate capability to obtain honest protocol executions (important to measure security against dictionary attacks); and providing the adversary corruption capabilities which enable a treatment of forward secrecy.
2005
In this paper we analyse a password-based authenticated key establishment protocol due to Laih, Ding and Huang, which enables a user to authenticate himself to a server and negotiate a shared session key. This protocol is also designed to guarantee that a human being is actually involved in an ongoing protocol execution. However we show that the protocol suffers from offline dictionary attacks. We propose an enhanced password-based authenticated key establishment protocol which is secure against offline dictionary attacks, and that possesses an additional feature guaranteeing that a user is involved in each protocol execution.
IOSR Journal of Computer Engineering, 2014
Password-authenticated key exchange (PAKE) is an authentication mechanism in which a client and a server who share a password authenticate each other with that password and agree on a cryptographic key. Normally, the passwords needed to verify clients are stored on a single server. If that server is compromised, for example by hacking or by installing a Trojan horse, the stored passwords are revealed. In this paper two servers cooperate to authenticate a client, and if one server is compromised, the attacker still cannot pose as the client with the information from the compromised server. Current solutions for two-server PAKE are either symmetric, in the sense that the two servers contribute equally to the authentication, or asymmetric, in the sense that one server confirms the authenticity of a legal client with the assistance of the other server. This paper presents a symmetric protocol for two-server PAKE, in which the client establishes different cryptographic keys with the two servers. In addition, a nonce generated during authentication acts as a timer: the authentication procedure must complete before the timer expires, which protects against replay attacks.
Topics in Cryptology - CT-RSA 2016, 2016
Password-Authenticated Key Exchange allows users to generate a strong cryptographic key based on a shared "human-memorable" password without requiring a public-key infrastructure. It is one of the most widely used and fundamental cryptographic primitives. Unfortunately, mass password theft from organizations is continually in the news and, even if passwords are salted and hashed, brute-force breaking of password hashes is usually very successful in practice. In this paper, we propose two efficient protocols where the password database is shared among two (or more) servers, and authentication requires a distributed computation involving the client and the servers. In this scenario, even if a server compromise occurs, the exposed secret is of little value to the adversary, since it reveals only a share of the password database and does not permit brute-force guessing of a password without further interaction with the parties for each guess. Our protocols rely on smooth projective hash functions and are proven secure under classical assumptions in the standard model (i.e. they do not require idealized assumptions such as random oracles).
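The threshold abstract above (2002) and the two-server abstract here make the same claim: a verifier held by one server supports an offline dictionary attack the moment that server is breached, while shares held by fewer than the threshold of servers do not. The following Python is an added illustration written for this page, not code from either paper: it Shamir-shares a toy verifier (plain SHA-256 over a constructed salt and password, with no stretching) over a prime field and runs the same dictionary attack against the single-server verifier, against t-1 shares, and against t shares. The field modulus, the salt and the dictionary are assumptions for the demonstration. Note that the real protocols never reconstruct the verifier at any single party; the point shown is only why sub-threshold shares carry no information about the password, and why reaching the threshold puts the attacker back in the single-server position.

```python
import hashlib
import secrets

# Prime field for the shares (assumption: any prime above the verifier range works).
P = 2**127 - 1

# Constructed sample inputs for the demonstration.
DICTIONARY = ["hunter2", "correct horse", "password1", "letmein"]
SALT = b"constructed-salt"


def verifier(password: str, salt: bytes) -> int:
    """Single-server verification data: a one-way function of salt and
    password (toy: plain SHA-256, no stretching), reduced into the field."""
    digest = hashlib.sha256(salt + password.encode()).digest()
    return int.from_bytes(digest, "big") % P


def offline_attack_single_server(salt: bytes, v: int, dictionary) -> list:
    """Compromise of the only server hands the attacker v; every candidate
    can then be tested offline, so exactly the true password survives."""
    return [w for w in dictionary if verifier(w, salt) == v]


def _evaluate(coeffs, x: int) -> int:
    return sum(c * pow(x, k, P) for k, c in enumerate(coeffs)) % P


def split(secret: int, t: int, n: int) -> list:
    """Shamir t-of-n sharing: the secret is the constant term of a random
    polynomial of degree t-1; server i receives the point (i, f(i))."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    return [(i, _evaluate(coeffs, i)) for i in range(1, n + 1)]


def interpolate(points, x: int) -> int:
    """Lagrange interpolation: value at x of the unique polynomial of degree
    len(points)-1 through the given points (distinct x coordinates)."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


def reconstruct(shares) -> int:
    """Any t shares recover the secret f(0)."""
    return interpolate(shares, 0)


def consistent(points, t: int) -> bool:
    """Does some polynomial of degree < t pass through all the points?  With at
    most t points the answer is always yes (this is the whole security
    argument); with more, the extra points must lie on the polynomial that
    the first t already fix."""
    if len(points) <= t:
        return True
    fixed = points[:t]
    return all(interpolate(fixed, x) == y for x, y in points[t:])


def offline_attack_with_shares(salt: bytes, shares, t: int, dictionary) -> list:
    """Attacker holding shares from compromised servers tests guess w by asking
    whether (0, verifier(w)) together with the shares fits a t-of-n sharing.
    Below the threshold every guess fits, so the dictionary is not narrowed."""
    return [w for w in dictionary
            if consistent([(0, verifier(w, salt))] + list(shares), t)]


def demo(t: int = 3, n: int = 5):
    """Surviving candidates for (single server, t-1 servers, t servers)
    when the real password is 'password1'."""
    v = verifier("password1", SALT)
    shares = split(v, t, n)
    assert reconstruct(shares[:t]) == v
    return (offline_attack_single_server(SALT, v, DICTIONARY),
            offline_attack_with_shares(SALT, shares[:t - 1], t, DICTIONARY),
            offline_attack_with_shares(SALT, shares[:t], t, DICTIONARY))


if __name__ == "__main__":
    single, below_threshold, at_threshold = demo()
    print("single server:", single)
    print("t-1 servers  :", below_threshold)
    print("t servers    :", at_threshold)
```

With t-1 shares the candidate list comes back untouched, because for every guess there is a degree-(t-1) polynomial through the guess and the stolen shares; with t shares the attacker can interpolate and the list collapses to the real password, exactly as it does against the single-server verifier.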
IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, 2005
Authenticated Key Establishment (AKE) protocols enable two entities, say a client (or a user) and a server, to share common session keys in an authentic way. In this paper, we review the previous AKE protocols, all of which turn out to be insecure, under the following realistic assumptions: (1) High-entropy secrets that should be stored on devices may leak out due to accidents such as bugs or mis-configurations of the system; (2) The size of a human-memorable secret, i.e. a password, is short enough to memorize, but large enough to avoid on-line exhaustive search;
Recently, Tso proposed a three-party password-based authenticated key exchange (3PAKE) protocol. This protocol allows two clients to authenticate each other and establish a secure session key through a server over an insecure channel. The main security goals of such protocols are authentication and privacy. However, we show that Tso's protocol achieves neither the authentication goal nor the privacy goal. In this paper, we show that the privacy and authentication goals of Tso's protocol are broken by an off-line password guessing attack and an impersonation attack, respectively. To overcome these weaknesses, we propose an improved 3PAKE protocol that achieves better security and performance than related protocols. The security of the proposed improved protocol is proved in the random oracle model.
IEEE Transactions on Dependable and Secure Computing, 2006
2012 International Conference on ICT Convergence (ICTC), 2012
Password Authenticated Key Exchange (PAKE) protocols permit two entities to generate a large common session key and authenticate each other based on a pre-shared human-memorable password. In 2006, Strangio proposed the DH-BPAKE protocol and claimed that it is provably secure against several attacks. In this paper, it is shown that the DH-BPAKE protocol is vulnerable to a password compromise impersonation attack and is not efficient because of its number of rounds and its computational load. To overcome these weaknesses, an enhanced PAKE protocol is proposed which provides several security properties. In addition, it is shown that the proposed scheme is more "sefficient" (secure and efficient) than the DH-BPAKE protocol.
IEEE Transactions on Wireless Communications, 2000
Fathi et al. recently proposed a leakage-resilient authenticated key exchange protocol for a server-client model in mobility environment over wireless links. In the paper, we address flaws in a hash function used in the protocol. The direct use of the hash function cannot guarantee the security of the protocol. We also point out that a combination of the hash function and the RSA cryptosystem in the protocol may not work securely. To remedy these problems, we improve upon the protocol by modifying the hash function correctly.
Secure Password Authentication Scheme by using Cryptographic Key Exchange in Servers, 2017
In this paper, we present a privacy-preserving data-leak detection approach for the setting where a specific set of sensitive data digests is used in detection. The advantage of our method is that it allows the data owner to safely delegate the detection operation to a semi-honest provider without revealing the sensitive data to the provider. We describe how ISPs can offer their customers data-leak detection as an add-on service with strong privacy guarantees. We also consider a scenario where two servers cooperate to authenticate a client, and if one server is compromised, the attacker still cannot pose as the client with the information from the compromised server. Current solutions for two-server PAKE are either symmetric, in the sense that two peer servers contribute equally to the authentication, or asymmetric, in the sense that one server authenticates the client with the help of another server. This paper offers a symmetric solution for two-server PAKE, where the client can establish distinct cryptographic keys with the two servers, respectively.
This note reports major previously unpublished security vulnerabilities in the password-only authenticated three-party key exchange protocol due to Lee and Hwang (Information Sciences, 180, 1702-1714, 2010): (1) the Lee-Hwang protocol is susceptible to a man-in-the-middle attack and thus fails to achieve implicit key authentication; (2) the protocol cannot protect clients' passwords against an offline dictionary attack; and (3) the indistinguishability-based security of the protocol can be easily broken even in the presence of a passive adversary.