Abstract
Password-based mechanism is the widely used method for user authentication. Many password-based authenticated key exchange protocols have been proposed to resist password guessing attacks. In this paper, we present a simple authenticated key agreement protocol called SAKA which is simple and cost-effective. To examine its security, we provide a formal proof of security to show its strength against both passive and active adversaries. Compared with the previously best protocols, SAKA has less number of steps and less computation cost.
- R. Morris and K. Thompson, "Password Security: A Case History," Communications of the ACM, 22(11), pp. 594-597, 1979.]] Google ScholarDigital Library
- S.M. Bellovin and M. Merritt, "Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks," IEEE Symposium on Research in Security and Privacy, pp. 72-84, 1992.]] Google ScholarDigital Library
- S.M. Bellovin and M. Merritt, "Augmented Encrypted Key Exchange: A Password-Based Protocols Secure Against Dictionary Attacks and Password file Compromise," Proc. 1st ACM Conf. on Computer and Communications Security, pp.244-250,1993.]] Google ScholarDigital Library
- L. Gong, M. Lomas, R. Needham and J. Saltzer, "Protecting Poorly Chosen Secrets from Guessing Attacks," IEEE Journal on Selected Areas in Communications, 11(5), pp. 648-656, June 1993.]]Google ScholarDigital Library
- Y. Ding and P. Horster, "Undetectable On-line Password Guessing Attacks," ACM Operating Systems Review, 29(4), pp. 77-86, October 1995.]] Google ScholarDigital Library
- L. Gong, "Optimal Authentication Protocols Resistant to Password Guessing Attacks," Proceedings of the 8th IEEE Computer Security Foundation Workshop, pp. 24-29, 1995.]] Google ScholarDigital Library
- S. Keung and K. Siu, "Efficient protocols secure against guessing and replay attacks," Fourth International Conference on Computer Communications and Networks, pp. 105-112, 1995.]] Google ScholarDigital Library
- M. Steiner, G. Tsudik and M. Waidner, "Refinement and Extension of Encrypted Key Exchange," ACM Operating Systems Review, 29(3), pp. 22-30, July 1995.]] Google ScholarDigital Library
- D. Jablon, "Strong Password-Only Authentication Key Exchange," ACM Computer Communication Review, vol. 26, no. 5, 5-26, October 1996]] Google ScholarDigital Library
- D. Jablon, ". Extended Password key Exchange Protocols Immune to Dictionary Attack. Proceedings of the WETICE Workshop on Enterprise Security, Cambridge, MA, June 1997]] Google ScholarDigital Library
- T. Kwon, M. Kang and J. Song, "An Adaptable and Reliable Authentication Protocol for Communication Networks," Proceedings of IEEE INFOCOM ' 97, pp. 737-744, 1997.]] Google ScholarDigital Library
- T. Kwon and J. Song, "Authenticated key exchange protocols resistant to password guessing attacks," IEE Proceedings-Communications, 145(5), pp. 304-308, October 1998.]]Google ScholarCross Ref
- T. Kwon, M. Kang, S. Jung and J. Song, "An Improvement of the Password-Based Authentication protocol (K1P) on Security against Replay Attacks," IEICE Transaction on Communications, E82-B(7), pp. 991-997, 1999.]]Google Scholar
- Seo, D.H.and Seweeney, P.: 'Simple authenticated key agreement algorithm'. Electronic Lett., 1999, 35, (13)., pp. 1073-1074]]Google ScholarCross Ref
- Jseng, Y.M.: 'Weakness in simple authenticated key agreement protocol', Electron. Lett., 2000, 36, (1), pp. 48-49]]Google ScholarCross Ref
- C.L. Lin, H.M. Sun and T. Hwang, "Three-party Encrypted Key Exchange: Attacks and A Solution," ACM Operating Systems Review, 34(4), pp. 12-20, October 2000.]] Google ScholarDigital Library
- M. Boyarsky, "Public-key Cryptography and Password Protocols: The Multi-User Case," 5th ACM Conference on Computer and Communications Security, pp. 63-72, 1999.]] Google ScholarDigital Library
- S. Lusks, "Open key exchange: How to defeat dictionary attacks without encrypting public keys," The Security Protocol Workshop '97, Ecole Normale Superieure, April 7-9, 1997.]] Google ScholarDigital Library
- S. Halevi and H. Krawczyk, "Public-Key Cryptography and Password Protocols," ACM Transactions on Information and System Security, 2(3), pp. 25-60, 1999.]] Google ScholarDigital Library
- S. Blake-Wilson, D. Johnson and A. Menezes, "Key agreement protocols and their security analysis," Sixth IMA Intl. Conf. on Cryptography and Coding, No. 1355, pp. 30-45, December 1997.]] Google ScholarDigital Library
- V. Shoup, "On Formal Models for Secure Key Exchange," Research Report, IBM Research, Number RZ 3120 (#93166), April 1999.]]Google Scholar
- V. Boyko, P. MacKenzie and S. Patel, "Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman," Advances in Cryptology-EUROCRYPT'2000, pp. 156-171, 2000.]]Google ScholarDigital Library
- M. Bellare, D. Pointcheval and P. Rogaway, "Authenticated Key Exchange Secure Against Dictionary Attacks," Advances in Cryptology-EUROCRYPT'2000, pp. 139-155, 2000.]] Google ScholarDigital Library
- P. MacKenzie, S. Patel and R. Swaminathan, "Password-Authenticated Key Exchange based on RSA," Advances in Cryptology-ASIACRYPT'2000, pp. 599-613, 2000.]] Google ScholarDigital Library
- O. Goldreich and Y. Lindell, "Session-Key Generation using Human Passwords Only," Advanced in Cryptology-CRYPTO,2001.]] Google ScholarDigital Library
- J. Katz, R. Ostrovsky and M. Yung, "Practical Password-Authenticated Key Exchange Provably Secure under Standard Assumptions," Advanced in Cryptology-EUROCRYPT,2001.]]Google Scholar
- M. Bellare and P. Rogaway, "Entity Authentication and Key Distribution," Advances in Cryptology-CRYPTO'93, Vol. 773, pp. 232-249, 1994.]] Google ScholarDigital Library
- M. Bellare and P. Rogaway, "Provably Secure Session Key Distribution --- The Three Party Case," Proceedings of the 27th ACM Symposium on the Theory of Computing, pp. 57-66, May 1995.]] Google ScholarDigital Library
- T. Kwon and J. Song, "A Study on the Generalized Key Agreement and Password Authentication Protocol," IEICE TRANS. COMMUN., vol.E83-B, no.9, pp.2044-2050, SEP 2000.]]Google Scholar
Index Terms
- Simple authenticated key agreement protocol resistant to password guessing attacks
Recommendations
Parallizable simple authenticated key agreement protocol
Recently, Yeh and Sun proposed a simple authenticated key agreement protocol resistant to password guessing attacks called SAKA that is simple and cost-effective. And they provided a formal proof of security to show its strength against both passive and ...
Provably secure CL-KEM-based password-authenticated key exchange protocol
Traditional password-based authentication protocols are vulnerable to various password-related attacks, while public key cryptography PKC is expensive to manage certificates. Moreover, the traditional identity-based cryptography suffers to key escrow. ...
Parallizable simple authenticated key agreement protocol
Recently, Yeh and Sun proposed a simple authenticated key agreement protocol resistant to password guessing attacks called SAKA that is simple and cost-effective. And they provided a formal proof of security to show its strength against both passive and ...
Comments