Abstract:
We investigate ecient protocols for password-authenticated key exchange based on the RSA public-key cryptosystem. To date, most of the published protocols for password-authenticated key exchange were based on Die-Hellman key exchange. It appears inappropriate to design password-authenticated key exchange protocols using RSA and other public-key cryptographic techniques. In fact, many of the proposed protocols for password-authenticated key exchange based on RSA have been shown to be insecure; the only one that remains secure is the SNAPI protocol. Unfortunately, the SNAPI protocol has to use a prime public exponent e larger than the RSA modulus n. In this paper, we present a new password-authenticated key exchange protocol, called PEKEP, which allows using both large and small prime numbers as RSA public exponents. Based on number-theoretic techniques, we show that the new protocol is secure against the e-residue attack, a special type of o-line dictionary attack against RSA-based passwordauthenticated key exchange protocols. We also provide a formal security analysis of PEKEP under the RSA assumption and the random oracle model. On the basis of PEKEP, we present a computationally-ecient key exchange protocol to mitigate the burden on communication entities. Key words: password authentication, o-line dictionary attack, public-key cryptography
Citations
|
1496
|
Handbook of Applied Cryptography
– Menezes, Oorschot, et al.
- 1996
|
|
323
|
Entity Authentication and Key Distribution
– Bellare, Rogaway
- 1995
|
|
229
|
Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks
– Bellovin, Merritt
- 1992
|
|
189
|
Authenticated key exchange secure against dictionary attacks
– Bellare, Pointcheval, et al.
- 2000
|
|
173
|
Optimal Asymmetric Encryption
– Bellare, Rogaway
- 1994
|
|
129
|
The Secure Remote Password Protocol
– Wu
- 1998
|
|
120
|
Strong Password-Only Authenticated Key Exchange
– Jablon
- 1996
|
|
100
|
Augmented Encrypted Key Exchange: A Password-Based Protocol Secure Against Dictionary Attacks and Password File Compromise
– Bellovin, Merritt
- 1993
|
|
94
|
Provably secure password authenticated key exchange using DiffieHellmann
– Boyko, MacKenzie, et al.
- 2000
|
|
79
|
Public-Key Cryptography and Password Protocols
– Halevi, Krawczyk
- 1999
|
|
57
|
Open key exchange: How to defeat dictionary attacks without encrypting public keys
– Lucks
- 1997
|
|
54
|
M.: EOEcient Password-Authenticated Key Exchange Using Human-Memorable Passwords
– Katz, Ostrovsky, et al.
|
|
53
|
Session-Key Generation Using Human Passwords Only
– Goldreich, Lindell
- 2001
|
|
45
|
Simplified OAEP for the RSA and Rabin functions
– Boneh
- 2001
|
|
37
|
A real-world analysis of Kerberos password security
– Wu
- 1999
|
|
37
|
Optimal authentication protocols resistant to password guessing attacks
– Gong
- 1995
|
|
36
|
Y.: A Framework for Password-Based Authenticated Key Exchange
– Gennaro, Lindell
- 2003
|
|
35
|
Number theoretic attacks on secure password schemes
– Patel
- 1997
|
|
22
|
Authentication and key agreement via memorable password
– Kwon
- 2001
|
|
20
|
Algorithmic Number Theory, Vol. 1: Efficient Algorithms. MITPress
– Bach, Shallit
- 1996
|
|
12
|
Simpler Session-Key Generation from Short Random Passwords
– Nguyen, Vadhan
- 2004
|
|
8
|
Pretty-Simple Password-Authenticated Key-Exchange Protocol Proven to be Secure in the Standard Model
– Kobara, Imai
- 2002
|
|
7
|
IPAKE: Isomorphisms for Passwordbased Authenticated Key Exchange
– Catalano, Pointcheval, et al.
- 2004
|
|
6
|
Elementary Number Theory
– Rosen
- 2000
|
|
3
|
Password-authenticated key exchange based on
– MacKenzie, Patel, et al.
- 2000
|
|
2
|
More efficient password authenticated key exchange based on RSA
– Wong, Chan, et al.
- 2003
|
|
1
|
RSA-based password authenticated key exchange for imbalanced wireless networks
– Zhu, Wong, et al.
- 2002
|
|
1
|
Algorithmic Number Theory, vol. 1: Ecient Algorithms
– Bach, Shallit
- 1997
|
|
1
|
Security in storage
– Hughes, Cole
- 2003
|
|
