Analysing Password Protocol Security Against Off-line Dictionary Attacks
نویسندگان
چکیده
We study the security of password protocols against off-line dictionary attacks. In addition to the standard adversary abilities, we also consider further cryptographic advantages given to the adversary when considering the password protocol being instantiated with particular encryption schemes. We work with the applied pi calculus of Abadi and Fournet, in which the (new) adversary abilities are modelled as equations between terms. As case studies, we analyse the Encrypted Password Transmission (EPT) protocol of Halevi and Krawczyk, and the wellknown Encrypted Key Exchange (EKE) of Bellovin and Merritt. Finally, we propose a modification to EKE that prevents a particular attack that arises when ciphertexts are distinguishable from random noise.
منابع مشابه
Authenticated Key Exchange Protocol Secure against Offline Dictionary Attack and Server Compromise
This paper introduces a new scheme, called Augmented Password AKE (APAKE), for authenticated key exchange protocols. In APAKE, a password is represented by a pair of values that is randomly selected in a huge space. We present an APAKE protocol. The protocol is secure against the attacks including off-line dictionary attack and server compromise allowing for subsequent off-line dictionary attac...
متن کاملPassword-Based Group Key Exchange Secure Against Insider Guessing Attacks
Very recently, Byun and Lee suggested two provably secure group Diffie-Hellman key exchange protocols using n participant’s distinct passwords. Unfortunately, the schemes were found to be flawed by Tang and Chen. They presented two password guessing attacks such as off-line and undetectable on-line dictionary attacks by malicious insider attacker. In this paper, we present concrete countermeasu...
متن کاملRFC 6628 Most Efficient Augmented PAKE for IKEv
This document describes an efficient augmented password-only authentication and key exchange (AugPAKE) protocol where a user remembers a low-entropy password and its verifier is registered in the intended server. In general, the user password is chosen from a small set of dictionary words that allows an attacker to perform exhaustive searches (i.e., off-line dictionary attacks). The AugPAKE pro...
متن کاملThreshold Anonymous Password - Authenticated Key Exchange Protocol ?
At Indocrypt 2005, Viet et al., [22] have proposed an anonymous password-authenticated key exchange (PAKE) protocol and its threshold construction both of which are designed for client’s password-based authentication and anonymity against a passive server, who does not deviate the protocol. In this paper, we first point out that their threshold construction is completely insecure against off-li...
متن کاملCryptanalysis of Yeh-Shen-Hwang's One-Time Password Authentication Scheme
The well-known S/KEY one-time password scheme was designed to counter eavesdropping and replay attacks [1]. The success of S/KEY stems from its efficiency and simplicity as well as its security property. S/KEY uses simple hash functions and does not require other complex cryptographic primitives. Even though S/KEY is immune to eavesdropping and replay attacks, it is susceptible to preplay attac...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- Electr. Notes Theor. Comput. Sci.
دوره 121 شماره
صفحات -
تاریخ انتشار 2005