Two-server password-only authenticated key exchange

Lecture Notes in Computer Science

Volumn 3531, Issue , 2005, Pages 1-16

  Katz, Jonathan ^a   MacKenzie, Philip ^b   Taban, Gelareh ^c   Gligor, Virgil ^c  

^a Institute of Advanced Computer Science   (United States)

^b DOCOMO USA LABS   (United States)

^c UNIVERSITY OF MARYLAND   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

INFORMATION ANALYSIS; NETWORK PROTOCOLS; PUBLIC KEY CRYPTOGRAPHY; SERVERS;

PASSWORD-BASED AUTHENTICATION; PUBLIC KEYS; TWO-SERVER PROTOCOL;

SECURITY OF DATA;

EID: 26444562427     PISSN: 03029743     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1007/11496137_1     Document Type: Conference Paper

References (38)

1. M. Bellare, D. Pointcheval, and P. Rogaway. Authenticated Key Exchange Secure Against Dictionary Attacks. Adv. in Cryptology - Eurocrypt 2000, LNCS vol. 1807, Springer-Verlag, pp. 139-155, 2000.
2. M. Bellare and P. Rogaway. Random Oracles are Practical: A Paradigm for Designing Efficient Protocols. Proc. 1st ACM Conference on Computer and Communications Security, ACM, pp. 62-73, 1993.
3. M. Bellare and P. Rogaway. Entity Authentication and Key Distribution. Adv. in Cryptology - Crypto 1993, LNCS vol. 773, Springer-Verlag, pp. 232-249, 1994.
4. M. Bellare and P. Rogaway. Provably-Secure Session Key Distribution: the Three Party Case. 27th ACM Symposium on Theory of Computing (STOC), ACM, pp. 57-66, 1995.
5. S.M. Bellovin and M. Merritt. Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks. IEEE Symposium on Research in Security and Privacy, IEEE, pp. 72-84, 1992.
6. S.M. Bellovin and M. Merritt. Augmented Encrypted Key Exchange: a Password-Based Protocol Secure Against Dictionary Attacks and Password File Compromise. 1st ACM Conf. on Computer and Comm. Security, ACM, pp. 244-250, 1993.
7. M. Boyarsky. Public-Key Cryptography and Password Protocols: The Multi-User Case. 7th Ann. Conf. on Computer and Comm. Security, ACM, pp. 63-72, 1999.
8. V. Boyko, P. MacKenzie, and S. Patel. Provably-Secure Password-Authenticated Key Exchange Using Diffie-Hellman. Adv. in Cryptology - Eurocrypt 2000, LNCS vol. 1807, Springer-Verlag, pp. 156-171, 2000.
9. J. Brainard, A. Juels, B. Kaliski, and M. Szydlo. Nightingale: A New Two-Server Approach for Authentication with Short Secrets. 12th USENIX Security Symp., pp. 201-213, 2003.
10. R. Canetti, O. Goldreich, and S. Halevi. The Random Oracle Methodology, Revisited. J. ACM 51(4): 557-594, 2004.
11. R. Canetti, S. Halevi, J. Katz, Y. Lindell, and P. MacKenzie. Universally-Composable Password Authenticated Key Exchange. Eurocrypt 2005, to appear.
12. R. Cramer. Modular Design of Secure Yet Practical Cryptographic Protocols. PhD Thesis, CWI and University of Amsterdam, 1996.
13. R. Cramer, I. Damgård, and B. Schoenmakers. Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols. Adv. in Cryptology - Crypto 1994, LNCS vol. 839, Springer-Verlag, pp. 174-187, 1994.
14. R. Cramer and V. Shoup. A Practical Public Key Cryptosystem Provably Secure Against Chosen Ciphertext Attack. Adv. in Cryptology - Crypto 1998, LNCS vol. 1462, Springer-Verlag, pp. 13-25, 1998.
15. W. Diffie and M. Hellman. New Directions in Cryptography. IEEE Transactions on Information Theory 22(6): 644-654, 1976.
16. M. Di Raimondo and R. Gennaro. Provably Secure Threshold Password-Authenticated Key Exchange. Adv. in Cryptology - Eurocrypt 2003, LNCS vol. 2656, Springer-Verlag, pp. 507-523, 2003.
17. Y. Dodis, M. Krohn, D. Mazieres, and A. Nicolosi. Proactive Two-Party Signatures for User Authentication. NDSS 2003.
18. T. El Gamal. A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms. IEEE Transactions on Information Theory 31: 469-472, 1985.
19. W. Ford and B.S. Kaliski. Server-Assisted Generation of a Strong Secret from a Password. Proc. 5th IEEE Intl. Workshop on Enterprise Security, 2000.
20. R. Gennaro and Y. Lindell. A Framework for Password-Based Authenticated Key Exchange. Adv. in Cryptology - Eurocrypt 2003, LNCS vol. 2656, Springer-Verlag, pp. 524-543, 2003.
21. N. Gilboa. Two-Party RSA Key Generation. Adv. in Cryptology - Crypto 1999, LNCS vol. 1666, Springer-Verlag, pp. 116-129, 1999.
22. O. Goldreich and Y. Lindell. Session-Key Generation Using Human Passwords Only. Adv. in Cryptology - Crypto 2001, LNCS vol. 2139, Springer-Verlag, pp. 408-432, 2001.
23. L. Gong, T.M.A. Lomas, R.M. Needham, and J.H. Saltzer. Protecting Poorly-Chosen Secrets from Guessing Attacks. IEEE J. on Selected Areas in Communications 11(5): 648-656, 1993.
24. S. Halevi and H. Krawczyk. Public-Key Cryptography and Password Protocols. ACM Trans. Information and System Security 2(3): 230-268, 1999.
25. D. Jablon. Strong Password-Only Authenticated Key Exchange. ACM Computer Communications Review 26(5): 5-20, 1996.
26. D. Jablon. Password Authentication Using Multiple Servers. RSA Cryptographers' Track 2001, LNCS vol. 2020, Springer-Verlag, pp. 344-360, 2001.
27. S. Jiang and G. Gong. Password Based Key Exchange With Mutual Authentication. Workshop on Selected Areas of Cryptography (SAC), 2004.
28. J. Katz, R. Ostrovsky, and M. Yung. Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords. Adv. in Cryptology - Eurocrypt 2001, LNCS vol. 2045, Springer-Verlag, pp. 475-494, 2001.
29. T.M.A. Lomas, L. Gong, J.H. Saltzer, and R.M. Needham. Reducing Risks from Poorly-Chosen Keys. ACM Operating Systems Review 23(5): 14-18, 1989.
30. S. Lucks. Open Key Exchange: How to Defeat Dictionary Attacks Without Encrypting Public Keys. Proc. of the Security Protocols Workshop, LNCS 1361, Springer-Verlag, pp. 79-90, 1997.
31. P. MacKenzie, S. Patel, and R. Swaminathan. Password-Authenticated Key Exchange Based on RSA. Adv. in Cryptology - Asiacrypt 2000, LNCS 1976, Springer-Verlag, pp. 599-613, 2000.
32. P. MacKenzie. An Efficient Two-Party Public-Key Cryptosystem Secure against Adaptive Chosen-Ciphertext Attack. Public Key Cryptography (PKC) 2003, LNCS vol. 2567, Springer-Verlag, pp. 47-61, 2003.
33. P. MacKenzie and M. Reiter. Networked Cryptographic Devices Resilient to Capture. IEEE Security and Privacy, 2001.
34. P. MacKenzie and M. Reiter. Two-Party Generation of DSA Signatures. Adv. in Cryptology - Crypto 2001, LNCS vol. 2139, Springer-Verlag, pp. 137-154, 2001.
35. P. MacKenzie, T. Shrimpton, and M. Jakobsson. Threshold Password-Authenticated Key Exchange. Adv. in Cryptology - Crypto 2002, LNCS vol. 2442, Springer-Verlag, pp. 385-400, 2002.
36. V. Shoup. A Proposal for an ISO Standard for Public-Key Encryption, version 2.1. Draft, 2001. Available at http://eprint.iacr.org/2001/112.
37. M. Szydlo and B. Kaliski. Proofs for Two-Server Password Authentication. RSA Cryptographers' Track 2005, LNCS vol. 3376, Springer-Verlag, pp. 227-244, 2005.
38. T. Wu. The Secure Remote Password Protocol. Proc. Internet Society Symp. on Network and Distributed System Security, pp. 97-111, 1998.