OSTI.GOV, U.S. Department of Energy
Office of Scientific and Technical Information

Title: Provably Secure Password-based Authentication in TLS

Conference
OSTI ID:881394

In this paper, we show how to design an efficient, provably secure password-based authenticated key exchange mechanism specifically for the TLS (Transport Layer Security) protocol. The goal is to provide a technique that allows users to employ (short) passwords to securely identify themselves to servers. As our main contribution, we describe a new password-based technique for user authentication in TLS, called Simple Open Key Exchange (SOKE). Loosely speaking, the SOKE ciphersuites are unauthenticated Diffie-Hellman ciphersuites in which the client's Diffie-Hellman ephemeral public value is encrypted using a simple mask generation function. The mask is simply a constant value raised to the power of (a hash of) the password. Compared with previous password-based authentication ciphersuites for TLS, the SOKE ciphersuites combine the following features. First, SOKE has formal security arguments; the proof of security, based on the computational Diffie-Hellman assumption, is in the random oracle model and holds for concurrent executions and for arbitrarily large password dictionaries. Second, SOKE is computationally efficient; in particular, it only needs operations in a sufficiently large prime-order subgroup for its Diffie-Hellman computations (no safe primes). Third, SOKE provides good protocol flexibility because the user identity and password are only required once a SOKE ciphersuite has actually been negotiated, and after the server has sent a server identity.

Research Organization:
Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States)
Sponsoring Organization:
USDOE. Office of Advanced Scientific Computing Research. Mathematical Information and Computing Sciences Division; European Commission. IST program Contract IST-2002-507932 ECRYPT
DOE Contract Number:
DE-AC02-05CH11231
OSTI ID:
881394
Report Number(s):
LBNL-57609-Ext.-Abs.; R&D Project: KL0501; BnR: YN0100000; TRN: US200612%%827
Resource Relation:
Conference: ACM Symposium on Information, Computer and Communications Security, Taipei, Taiwan, March 21-24, 2006
Country of Publication:
United States
Language:
English

Similar Records

A Security Solution for IEEE 802.11's Ad-hoc Mode: Password-Authentication and Group Diffie-Hellman Key Exchange
Journal Article · Sat Oct 01 00:00:00 EDT 2005 · International Journal of Wireless and Mobile Computing · OSTI ID:881394

New Security Results on Encrypted Key Exchange
Conference · Mon Dec 15 00:00:00 EST 2003 · OSTI ID:881394

Provably-Secure Authenticated Group Diffie-Hellman Key Exchange
Journal Article · Mon Jan 01 00:00:00 EST 2007 · ACM Transactions on Information and System Security Journal (TISSEC) · OSTI ID:881394