Affiliation:
1. IBM T. J. Watson Research Center, Yorktown Heights, NY
2. Technion–Israel Institute of Technology, Haifa, Israel; and IBM T. J. Watson Research Center, Yorktown Heights, NY
Abstract
We study protocols for strong authentication and key exchange in asymmetric scenarios where the authentication server possesses ~a pair of private and public keys while the client has only a weak human-memorizable password as its authentication key. We present and analyze several simple password authentication protocols in this scenario, and show that the security of these protocols can be formally proven based on standard cryptographic assumptions. Remarkably, our analysis shows optimal resistance to off-line password guessing attacks under the choice of suitable public key encryption functions. In addition to user authentication, we describe ways to enhance these protocols to provide two-way authentication, authenticated key exchange, defense against server's compromise, and user anonymity. We complement these results with a proof that strongly indicates that public key techniques are unavoidable for password protocols that resist off-line guessing attacks.
As a further contribution, we introduce the notion of
public passwords
that enables the use of the above protocols in situations where the client's machine does not have the means to validate the server's public key. Public passwords serve as "hand-held certificates" that the user can carry without the need for specal computing devices.
Publisher
Association for Computing Machinery (ACM)
Subject
Safety, Risk, Reliability and Quality,General Computer Science
Reference32 articles.
1. ABADI M. LOMAS T. M. AND NEEDHAM R. 1997. Strengthening passwords. Tech. Note 033. SRC..]] ABADI M. LOMAS T. M. AND NEEDHAM R. 1997. Strengthening passwords. Tech. Note 033. SRC..]]
2. Relations among notions of security for public-key encryption schemes
3. Optimal asymmetric encryption--how to encrypt with rsa. In Advances in Cryptology--EUROCRYPT'94, A. D. Santis, Ed. Springer-Verlag;BELLARE M.;New York,1995
Cited by
124 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献