Prevention of Exponential Equivalence in Simple Password Exponential Key Exchange (SPEKE)
نویسندگان
چکیده
Simple Password Exponential Key Exchange (SPEKE) and Dragonfly are simple password-based authenticated key exchange protocols that use a value derived from a shared password as a generator for modular exponentiation, as opposed to Diffie–Hellman key exchange, which uses a fixed value. However, it has been shown that in SPEKE, an active attacker, can examine multiple passwords in a single attempt because the passwords have an exponential correlation. We show that Dragonfly can also suffer from the same problem, and we propose a simple countermeasure to prevent the exponential equivalence in SPEKE.
منابع مشابه
Analysing and Patching SPEKE in ISO/IEC
Simple Password Exponential Key Exchange (SPEKE) is a well-known Password Authenticated Key Exchange (PAKE) protocol that has been used in Blackberry phones for secure messaging and Entrust’s TruePass end-toend web products. It has also been included into international standards such as ISO/IEC 11770-4 and IEEE P1363.2. In this paper, we analyse the SPEKE protocol as specified in the ISO/IEC an...
متن کاملExtended Password Key Exchange Protocols Immune to Dictionary Attacks
to anyone who doesn't already have it. Our goal is also to gracefully handle passwords of large-entropy too. When considering theft of a host-stored hashed-password database, large passwords still provide more security than small, but strong methods don't fall to network attack when password entropy is less than optimal. Strong password methods verify even small passwords over a network without...
متن کاملExtended Password Key Exchange Protocols Immune To Dictionary Attack - Enabling Technologies: Infrastructure for Collaborative Enterprises, 1997., Proceedings Sixth IEEE
Strong password methods verify even small passwords over a network without additional stored keys or certificates with the user, and without fear of network dictionary attack. We describe a new extension to further limit exposure to theft of a stored password-verifier, and apply it to several protocols including the Simple Password Exponential Key Exchange (SPEKE). Alice proves knowledge of a p...
متن کاملThe SPEKE Protocol Revisited
The SPEKE protocol is commonly considered one of the classic Password Authenticated Key Exchange (PAKE) schemes. It has been included in international standards (particularly, ISO/IEC 11770-4 and IEEE 1363.2) and deployed in commercial products (e.g., Blackberry). We observe that the original SPEKE specification is subtly different from those defined in the ISO/IEC 11770-4 and IEEE 1363.2 stand...
متن کاملJ-PAKE: Authenticated Key Exchange without PKI
Password Authenticated Key Exchange (PAKE) is one of the important topics in cryptography. It aims to address a practical security problem: how to establish secure communication between two parties solely based on a shared password without requiring a Public Key Infrastructure (PKI). After more than a decade of extensive research in this field, there have been several PAKE protocols available. ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- Symmetry
دوره 7 شماره
صفحات -
تاریخ انتشار 2015