A framework for password-based authenticated key exchange

ACM Transactions on Information and System Security

Volumn 9, Issue 2, 2006, Pages 181-234

  Gennaro, Rosario ^a   Lindell, Yehuda ^b  

^a IBM   (United States)

^b BAR ILAN UNIVERSITY   (Israel)

Author keywords

Authentication; Dictionary attack; Passwords; Projective hash functions

Indexed keywords

AUTHENTICATION; DICTIONARY ATTACK; PASSWORDS; PROJECTIVE HASH FUNCTIONS;

CRYPTOGRAPHY; FUNCTIONS; NETWORK PROTOCOLS; SECURITY OF DATA;

SECURITY SYSTEMS;

EID: 33748310753     PISSN: 10949224     EISSN: 10949224     Source Type: Journal    
DOI: 10.1145/1151414.1151418     Document Type: Article

References (31)

1. BELLARE, M. AND ROGAWAY, P. 1993. Random oracles are practical: A paradigm for designing efficient protocols. In 1st Conf. on Computer and Communications Security, ACM, New York. 62-73.
2. BELLARE, M. AND ROGAWAY, P. 1994. Entity authentication and key distribution. In CRYPTO'93, Springer-Verlag (LNCS 773), New York. 232-249.
3. BELLARE, M., POINTCHEVAL, D., AND ROGAWAY, P. 2000. Authenticated key exchange secure against dictionary attacks. In Eurocrypt 2000, Springer-Verlag (LNCS 1807), New York. 139-155.
4. BELLOVIN, S. M. AND MERRITT, M. 1992. Encrypted key exchange: Password-based protocols secure against dictionary attacks. In Proceedings 1992 IEEE Symposium on Research in Security and Privacy. IEEE Computer Society, New York. 72-84.
5. BELLOVIN, S. M. AND MERRITT, M. 1993. Augmented encrypted key exchange: A password-based protocol secure against dictionary attacks and password file compromise. In Proceedings of the 1st ACM Conference on Computer and Communication Security, 244-250.
6. BOYKO, V., MACKENZIE, P., AND PATEL, S. 2000. Provably secure password-authenticated key exchange using Diffie-Hellman. In Eurocrypt 2000, Springer-Verlag (LNCS 1807), New York. 156-171.
7. CANETTI, R., GOLDREICH, O., AND HALEVI, S. 2004. The random oracle methodology, revisited. Journal of the ACM 51, 4, 557-594.
8. CANETTI, R. AND KRAWCZYK, H. 2001. Analysis of key-exchange protocols and their use for building secure channels. In Eurocrypt 2001, Springer-Verlag (LNCS 2045), New York. 453-474.
9. CAMENISCH, J. AND SHOUP, V. 2003. Practical verifiable encryption and decryption of discrete logarithms. In CYPTO'03, Springer-Verlag (LNCS 2729), New York. 126-144.
10. CRAMER, R. AND SHOUP, V. 1998. A practical public-key cryptosystem secure against adaptive chosen ciphertexts attacks. In CRYPTO'98, Springer-Verlag (LNCS 1462), New York. 13-25. (Full version in [Cramer and Shoup 2003]).
11. CRAMER, R. AND SHOUP, V. 2002. Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption. In Eurocrypt 2002, Springer-Verlag (LNCS 2332), New York. 45-64. (Full version in [Cramer and Shoup 2003]).
12. CRAMER, R. AND SHOUP, V. 2003. Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack. SIAM Journal of Computing 33, 167-226.
13. DAMGÅRD, I. AND GROTH, J. 2003. Non-interactive and reusable nonmalleable commitment schemes. Proc. of 35th ACM Symp. on Theory of Computing (STOC'03). 426-437.
14. DI CRESCENZO, G., ISHAI, Y., AND OSTROVSKY, R. 1998. Non-interactive and non-malleable commitment. In 30th STOC. 141-150.
15. DI CRESCENZO, G., KATZ, J., OSTROVSKY, R., AND SMITH, A. 2001. Efficient and non-interactive nonmalleable commitment. In Eurocrypt 2001, Springer-Verlag (LNCS 2045), New York. 40-59.
16. DIFFIE, W. AND HELLMAN, M. E. 1976. New directions in cryptography. IEEE Trans. on Inf. Theory, IT-22. 644-654.
17. DOLEV, D., DWORK, C., AND NAOR, M. 2000. Non-malleable cryptography. SIAM Journal of Computing 30, 2, 391-437.
18. DWORK, C. 1999. The Non-malleability lectures. Course notes for CS 359, Stanford University, Spring. Available at: theory.stanford.edu/~gdurf/cs359-s99.
19. GOLDREICH, O. 2001. Foundations of cryptography - Basic tools. Cambridge University Press, Cambridge.
20. GOLDREICH, O. AND LINDELL, Y. 2001. Session key generation using human passwords only. In CRYPTO 2001, Springer-Verlag (LNCS 2139), New York. 408-432.
21. HALEVI, S. AND KRAWCZYK, H. 1999. Public-key cryptography and password protocols. ACM Transactions on Information and System Security (TISSEC) 2, 3, 230-268.
22. JABLON, D. P. 1996. Strong password-only authenticated key exchange. SIGCOMM Computer Communication Review 26, 5, 5-26.
23. KATZ, J. 2002. Efficient Cryptographic Protocols Preventing "Man-in-the-Middle" Attacks. Ph.D. Thesis, Columbia University, New York.
24. KATZ, J., OSTROVSKY; R., AND YUNG, M. 2001. Practical password-authenticated key exchange provably secure under standard assumptions. In Eurocrypt 2001, Springer-Verlag (LNCS 2045), New York. 475-494.
25. LUCKS, S. 1997. Open key exchange: How to defeat dictionary attacks without encrypting public keys. In Proceedings of the Workshop on Security Protocols, Springer-Verlag (LNCS 1361), New York. 79-90. (Ecole Normale Superieure).
26. MACKENZIE, P. AND YANG, K. 2004. On Simulation-Sound Commitments. Proc. of EUROCRYPT'04, Springer LNCS 3027, New York. 382-400.
27. NAOR, M. AND YUNG, M. 1989. Universal one-way hash functions and their cryptographic applications. In 21st STOC, 33-43.
28. PAILLIER, P. 1999. Public-key cryptosystems based on composite degree residue classes. In EUROCRYPT'99, Springer-Verlag (LNCS 1592), New York. 223-228.
29. PATEL, S. 1997. Number theoretic attacks on secure password schemes. In Proceedings of the 1997 IEEE Symposium on Security and Privacy. 236-247.
30. STEINER, M., TSUDIK, G., AND WAIDNER, M. 1995. Refinement and extension of encrypted key exchange. ACM SIGOPS Oper. Syst. Rev. 29, 3, 22-30.
31. WU, T. 1998. The secure remote password protocol. In 1998 Internet Society Symposium on Network and Distributed System. Security. 97-111.