A practical password-based two-server authentication and key exchange system

IEEE Transactions on Dependable and Secure Computing

Volumn 3, Issue 2, 2006, Pages 105-114

  Yang, Yanjiang ^b,d   Deng, Robert H ^a,b   Bao, Feng ^c,e  

^a IEEE   (Singapore)

^b SINGAPORE MANAGEMENT UNIVERSITY   (Singapore)

^c INSTITUTE FOR INFOCOMM RESEARCH   (Singapore)

^d NATIONAL UNIVERSITY OF SINGAPORE   (Singapore)

^e Cryptography Lab

Author keywords

Key exchange; Offline dictionary attack; Password system; Password verification data (PVD); User authentication

Indexed keywords

BIOMEDICAL ENGINEERING; DATABASE SYSTEMS; MATHEMATICAL MODELS; ONLINE SYSTEMS; SERVERS; SOCIETIES AND INSTITUTIONS; USER INTERFACES;

KEY EXCHANGE; OFFLINE DICTIONARY ATTACK; PASSWORD SYSTEMS; PASSWORD VERIFICATION DATA (PVD);

SECURITY OF DATA;

EID: 33646721791     PISSN: 15455971     EISSN: None     Source Type: Journal    
DOI: 10.1109/TDSC.2006.16     Document Type: Article

References (24)

1. E. Bresson, O. Chevassut, and D. Pointcheval, "Security Proofs for an Efficient Password-Based Key Exchange," Proc. ACM Conf. Computer and Comm. Security, pp. 241-250, 2003.
2. D. Boneh, "The Decision Diffie-Hellman Problem," Proc. Third Int'l Algorithmic Number Theory Symp., pp. 48-63, 1998.
3. J. Brainard, A. Juels, B. Kaliski, and M. Szydlo, "A New Two-Server Approach for Authentication with Short Secrets," Proc. USENIX Security Symp., 2003.
4. S. Bellovin and M. Merritt, "Encrypted Key Exchange: Password-Based Protocols Secure against Dictionary Attacks," Proc. IEEE Symp. Research in Security and Privacy, pp. 72-84, 1992.
5. S. Bellovin and M. Merritt, "Augmented Encrypted Key Exchange: A Password-Based Protocol Secure against Dictionary Attacks and Password File Compromise," Proc. ACM Conf. Computer and Comm. Security, pp. 244-250, 1993.
6. M.K. Boyarsky, "Public-Key Cryptography and Password Protocols: The Multi-User Case," Proc. ACM Conf. Computer and Comm. Security, pp. 63-72, 1999.
7. M. Bellare, D. Pointcheval, and P. Rogaway, "Authenticated Key Exchange Secure Against Dictionary Attacks," Advances in Cryptology (Eurocrypt '00), pp. 139-155, 2000.
8. M. Bellare and P. Rogaway, "Random Oracles are Practical: A Paradigm for Designing Efficient Protocols," Proc. ACM Computer and Comm. Security, pp. 62-73, 1993.
9. V.S. Dimitrov, G.A. Jullien, and W.C. Miller, "Complexity and Fast Algorithms for Multi-Exponentiations," IEEE Trans. Computers, vol. 49, no. 2, pp. 141-147, 2000.
10. W. Ford and B.S. Kaliski Jr., "Server-Assisted Generation of a Strong Secret from a Password," Proc. IEEE Ninth Int'l Workshop Enabling Technologies, 2000.
11. L. Gong, M. Lomas, R. Needham, and J. Saltzer, "Protecting Poorly Chosen Secrets from Guessing Attacks," IEEE J. Selected Areas in Comm., vol. 11, no. 5, pp. 648-656, 1993.
12. O. Goldreich, Secure Multi-Party Computation, working draft, version 1.3, June 2001.
13. S. Halevi and H. Krawczyk, "Public-Key Cryptography and Password Protocols," Proc. ACM. Conf. Computer and Comm. Security, pp. 122-131, 1998.
14. D.P. Jablon, "Password Authentication Using Multiple Servers," RSA Security Conf., pp. 344-360, 2001.
15. A. Jain, R. Bolle, and S. Pankanti, BIOMETRICS: Personal Identification in Networked Society. Kluwer Academic, 1999.
16. D.V. Klein, "Foiling the Cracker-A Survey of, and Improvements to, Password Security," Proc. Second USENIX Security Symp., pp. 5-14, 1990.
17. J. Katz, P.D. Mackenzie, G. Taban, and V.D. Gligor, "Two Server Password-Only Authentication Key Exchange," Applied Cryptography and Network Security, pp. 1-16, 2005.
18. J. Kohl and C. Neuman, Request for Comments 1510: The Kerberos Network Authentication Service, Internet Eng. Task Force Network Working Group, 1993.
19. J. Katz, R. Ostrovsky, and M. Yung, "Efficient Password- Authenticated Key Exchange Using Human-Memorable Passwords," Proc. Advances in Cryptology (Eurocrypt '01), pp. 475-494, 2001.
20. J. Katz, R. Ostrovsky, and M. Yung, "Forward Secrecy in Password-Only Key Exchange Protocols," Proc. Security in Comm. Networks, 2002.
21. P. Mackenzie, T. Shrimpton, and M. Jakobsson, "Threshold Password-Authenticated Key Exchange," Proc. Advances in Cryptology (Eurocrypt '02), pp. 385-400, 2002.
22. M.D. Raimondo and R. Gennaro, "Provably Secure Threshold Password-Authenticated Key Exchange," Proc. Advances in Cryptology (Eurocrypt '03), pp. 507-523, 2003.
23. J.M. Wiliams, "Biometrics or ... Biohazards?22 Proc. ACM New Security Pradigms Workshop, pp. 97-107, 2002.
24. Y.J. Yang, F. Bao, and R.H. Deng, "A New Architecture for Authentication and Key Exchange Using Password for Federated Enterprises," Proc. 20th Int'l Federation for Information Processing Int'l Information Security Conf. (SEC '05), 2005.