Abstract
Password-based protocols for authenticated key exchange (AKE) are designed to work despite the use of passwords drawn from a space so small that an adversary might well enumerate, off line, all possible passwords. While several such protocols have been suggested, the underlying theory has been lagging. We begin by defining a model for this problem, one rich enough to deal with password guessing, forward secrecy, server compromise, and loss of session keys. The one model can be used to define various goals. We take AKE (with “implicit” authentication) as the “basic” goal, and we give definitions for it, and for entity-authentication goals as well. Then we prove correctness for the idea at the center of the Encrypted Key-Exchange (EKE) protocol of Bellovin and Merritt: we prove security, in an ideal-cipher model, of the two-flow protocol at the core of EKE.
References
M. Bellare, R. Canetti, and H. Krawczyk. A Modular Approach to the Design and Analysis of Authentication and Key Exchange Protocols. Proc. of the 30th STOC. ACM Press, New York, 1998.
M. Bellare, D. Pointcheval, and P. Rogaway. Authenticated Key Exchange Secure Against Dictionary Attacks. Full version of this paper, available from http://www-cse.ucsd.edu/users/mihir
M. Bellare and P. Rogaway. Entity Authentication and Key Distribution. CRYPTO '93, LNCS 773, pages 232–249. Springer-Verlag, Berlin, 1994.
M. Bellare and P. Rogaway. Provably Secure Session Key Distribution: the Three Party Case. Proc. of the 27th STOC. ACM Press, New York, 1995.
M. Bellare and P. Rogaway, work in progress.
S. Bellovin and M. Merritt. Encrypted Key Exchange: Password-Based Protocols Secure against Dictionary Attacks. Proc. of the Symposium on Security and Privacy, pages 72–84. IEEE, 1992.
S. Bellovin and M. Merritt. Augmented Encrypted Key Exchange: A Password-Based Protocol Secure against Dictionary Attacks and Password File Compromise. Proceedings of the 1st Annual Conference on Computer and Communications Security, ACM, 1993.
J. Black and P. Rogaway. Ciphers with Arbitrary Finite Domains. Manuscript, 2000.
M. Boyarsky. Public-Key Cryptography and Password Protocols: The Multi-User Case. Proceedings of the 6th Annual Conference on Computer and Communications Security, ACM, 1999.
V. Boyko, P. MacKenzie, and S. Patel. Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman. Eurocrypt 2000, LNCS 1807, pages 156–171. Springer-Verlag, Berlin, 2000.
P. Buhler, T. Eirich, M. Steiner, and M. Waidner. Secure Password-Based Cipher Suite for TLS. Proceedings of Network and Distributed Systems Security Symposium. February 2000.
D. Denning and G. Sacco. Timestamps in Key Distribution Protocols. Communications of the ACM, 24, 1981, pp. 533–536.
L. Gong, M. Lomas, R. Needham, and J. Saltzer. Protecting Poorly Chosen Secrets from Guessing Attacks. IEEE Journal on Selected Areas in Communications, 11(5):648–656, June 1993.
S. Halevi and H. Krawczyk. Public-Key Cryptography and Password Protocols. ACM Transactions on Information and System Security, Vol. 2, No. 3, pp. 230–268, August 1999. Earlier version in Proc. of the 5th CCS conference, ACM Press, New York, 1998.
D. Jablon. Strong Password-Only Authenticated Key Exchange. ACM Computer Communications Review, October 1996.
D. Jablon. Extended Password Key Exchange Protocols Immune to Dictionary Attacks. Proc. of WET-ICE '97, pp. 248–255. IEEE Computer Society, June 1997.
S. Lucks. Open Key Exchange: How to Defeat Dictionary Attacks Without Encrypting Public Keys. Proc. of the Security Protocols Workshop, LNCS 1361. Springer-Verlag, Berlin, 1997.
P. MacKenzie and R. Swaminathan. Secure Authentication with a Short Secret. Manuscript. November 2, 1999. Earlier version as Secure Network Authentication with Password Identification. Submission to IEEE P1363a. August 1999. Available from http://grouper.ieee.org/groups/1363/addendum.html
C. Rackoff, private communication, 1995.
V. Shoup. On Formal Models for Secure Key Exchange. Theory of Cryptography Library Record 99-12, http://philby.ucsd.edu/cryptolib/ and invited talk at ACM Computer and Communications Security conference, 1999.
M. Roe, B. Christianson, and D. Wheeler. Secure Sessions from Weak Secrets. Technical report from University of Cambridge and University of Hertfordshire. Manuscript, 1998.
T. Wu. The Secure Remote Password Protocol. Proceedings of the Internet Society Symposium on Network and Distributed System Security, pp. 97–111, 1998.
Copyright information
© 2000 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bellare, M., Pointcheval, D., Rogaway, P. (2000). Authenticated Key Exchange Secure against Dictionary Attacks. In: Preneel, B. (eds) Advances in Cryptology — EUROCRYPT 2000. EUROCRYPT 2000. Lecture Notes in Computer Science, vol 1807. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45539-6_11
DOI: https://doi.org/10.1007/3-540-45539-6_11
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-67517-4
Online ISBN: 978-3-540-45539-4
eBook Packages: Springer Book Archive