Authenticated Key Exchange Protocol Secure against Offline Dictionary Attack and Server Compromise
نویسندگان
چکیده
This paper introduces a new scheme, called Augmented Password AKE (APAKE), for authenticated key exchange protocols. In APAKE, a password is represented by a pair of values that is randomly selected in a huge space. We present an APAKE protocol. The protocol is secure against the attacks including off-line dictionary attack and server compromise allowing for subsequent off-line dictionary attack. The protocol has a pass number of two, and it requires minor computational amounts. We also present a EKE protocol designed by simple modification of the APAKE protocol while preserving the security of the APAKE protocol.
منابع مشابه
Efficient verifier-based password-authenticated key exchange in the three-party setting
In the last few years, researchers have extensively studied the password-authenticated key exchange (PAKE) in the three-party setting. The fundamental security goal of PAKE is security against dictionary attacks. The protocols for verifier-based PAKE are additionally required to be secure against server compromise. Some verifier-based PAKE schemes in the three-party setting have been suggested ...
متن کاملThreshold Password - Authenticated Key Exchange ( Extended Abstract )
In most password-authenticated key exchange systems there is a single server storing password verification data. To provide some resilience against server compromise, this data typically takes the form of a one-way function of the password (and possibly a salt, or other public values), rather than the password itself. However, if the server is compromised, this password verification data can be...
متن کاملProvably Secure Password-Authenticated Key Exchange Using Diffie-Hellman
When designing password-authenticated key exchange protocols (as opposed to key exchange protocols authenticated using cryptographically secure keys), one must not allow any information to be leaked that would allow verification of the password (a weak shared key), since an attacker who obtains this information may be able to run an off-line dictionary attack to determine the correct password. ...
متن کاملA Method for Making Password-Based Key Exchange Resilient to Server Compromise
This paper considers the problem of password-authenticated key exchange (PAKE) in a client-server setting, where the server authenticates using a stored password file, and it is desirable to maintain some degree of security even if the server is compromised. A PAKE scheme is said to be resilient to server compromise if an adversary who compromises the server must at least perform an offline dic...
متن کاملEnhanced password-based key establishment protocol
In this paper we analyse a password-based authenticated key establishment protocol due to Laih, Ding and Huang, which enables a user to authenticate himself to a server and negotiate a shared session key. This protocol is also designed to guarantee that a human being is actually involved in an ongoing protocol execution. However we show that the protocol suffers from offline dictionary attacks....
متن کامل