Two-Server Password-Only Authenticated Key Exchange
نویسندگان
چکیده
Typical protocols for password-based authentication assume a single server which stores all the information (e.g., the password) necessary to authenticate a user. Unfortunately, an inherent limitation of this approach (assuming low-entropy passwords are used) is that the user’s password is exposed if this server is ever compromised. To address this issue, a number of schemes have been proposed in which a user’s password information is shared among multiple servers, and these servers cooperate in a threshold manner when the user wants to authenticate. We show here a two-server protocol for this task assuming public parameters available to everyone in the system (as well as the adversary). Ours is the first provably-secure two-server protocol for the important password-only setting (in which the user need remember only a password, and not the servers’ public keys), and is the first two-server protocol (in any setting) with a proof of security in the standard model.
منابع مشابه
Password - Only Authenticated Key Exchange Using Distributed Server
Authentication using Passwordauthenticated key exchange using distributed server (PAKEUDE) is done where a cryptographic key exchange of messages. Database of all passwords to authenticate clients are stored in a distributed server. If the server is compromised, the attacker cannot act like a client with the information from the compromised server. Solution produced for distributed-server PAKE ...
متن کاملProvably Secure Password-authenticated Key Exchange Using Diie-hellman
When designing password-authenticated key exchange protocols (as opposed to key exchange protocols authenticated using cryptographically secure keys), one must not allow any information to be leaked that would allow veriication of the password (a weak shared key), since an attacker who obtains this information may be able to run an oo-line dictionary attack to determine the correct password. We...
متن کاملPassword-Authenticated Multi-Party Key Exchange with Different Passwords
Password-authenticated key exchange (PAKE) allows two or multiple parties to share a session key using a human-memorable password only. PAKE has been applied in various environments, especially in the “clientserver” model of remotely accessed systems. Designing a secure PAKE scheme has been a challenging task because of the low entropy of password space and newly recognized attacks in the emerg...
متن کاملPassword-Based Authenticated Key Exchange in the Three-Party Setting
Password-based authenticated key exchange are protocols which are designed to be secure even when the secret key or password shared between two users is drawn from a small set of values. Due to the low entropy of passwords, such protocols are always subject to online guessing attacks. In these attacks, the adversary may succeed with non-negligible probability by guessing the password shared bet...
متن کاملA Simple Threshold Authenticated Key Exchange from Short Secrets
This paper brings the password-based authenticated key exchange (PAKE) problem closer to practice. It takes into account the presence of firewalls when clients communicate with authentication servers. An authentication server can indeed be seen as two distinct entities, namely a gateway (which is the direct interlocutor of the client) and a back-end server (which is the only one able to check t...
متن کاملGroup Password-Authenticated Key Exchange from Identity-Based Cryptosystem
Password-authenticated key exchange (PAKE) protocols are designed to be secure even when the secret key used for authentication is a human-memorable password. In this paper, we consider PAKE protocols in the group scenario, in which a group of clients, each of them shares a password with an “honest but curious” server, intend to establish a common secret key (i.e., a group key) with the help of...
متن کامل