Provably Secure Password-based Authentication in TLS
In this paper, we show how to design an efficient, provably secure password-based authenticated key exchange mechanism specifically for the TLS (Transport Layer Security) protocol. The goal is to provide a technique that allows users to employ (short) passwords to securely identify themselves to servers. As our main contribution, we describe a new password-based technique for user authentication in TLS, called Simple Open Key Exchange (SOKE). Loosely speaking, the SOKE ciphersuites are unauthenticated Diffie-Hellman ciphersuites in which the client's Diffie-Hellman ephemeral public value is encrypted using a simple mask generation function. The mask is simply a constant value raised to the power of (a hash of) the password. Compared with previous password-based authentication ciphersuites for TLS, the SOKE ciphersuites combine the following features. First, SOKE has formal security arguments; the proof of security based on the computational Diffie-Hellman assumption is in the random oracle model, and holds for concurrent executions and for arbitrarily large password dictionaries. Second, SOKE is computationally efficient; in particular, it only needs operations in a sufficiently large prime-order subgroup for its Diffie-Hellman computations (no safe primes). Third, SOKE provides good protocol flexibility because the user identity and password are only required once a SOKE ciphersuite has actually been negotiated, and after the server has sent a server identity.
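A toy sketch of the masking idea the abstract describes, added here as an illustration and not taken from the paper or from any SOKE implementation. It assumes the mask is applied by modular multiplication, SHA-256 as the password hash, and a small constructed group with hypothetical names (`U`, `pw_exponent`, `kdf`); the TLS handshake and key confirmation are left out.

```python
import hashlib
import math
import secrets

Q = 2**127 - 1  # prime subgroup order (Mersenne prime); toy size, not for real use

def find_group(q):
    """Find p = k*q + 1 with k > 2, so p is prime but not a safe prime."""
    k = 4
    while True:
        p = k * q + 1
        g = pow(2, k, p)  # 2^((p-1)/q) lies in the order-q subgroup
        # Pocklington criterion: with q prime and q > sqrt(p), this proves p prime.
        if pow(2, p - 1, p) == 1 and math.gcd(g - 1, p) == 1:
            return p, k, g
        k += 2

P, COFACTOR, G = find_group(Q)
U = pow(3, COFACTOR, P)  # assumed public mask constant; toy derivation
assert U not in (1, G)

def pw_exponent(password):
    digest = hashlib.sha256(password.encode()).digest()  # assumed hash choice
    return int.from_bytes(digest, "big") % Q

def kdf(shared):
    return hashlib.sha256(shared.to_bytes((P.bit_length() + 7) // 8, "big")).digest()

def in_subgroup(v):
    return 1 < v < P and pow(v, Q, P) == 1

def client_hello(password):
    x = secrets.randbelow(Q - 1) + 1
    masked = pow(G, x, P) * pow(U, pw_exponent(password), P) % P
    return x, masked  # only the masked value goes on the wire

def server_respond(masked, password):
    unmask = pow(U, Q - pw_exponent(password), P)  # U^(-h), since U has order Q
    X = masked * unmask % P
    if not in_subgroup(X):
        raise ValueError("unmasked value is outside the prime-order subgroup")
    y = secrets.randbelow(Q - 1) + 1
    return pow(G, y, P), kdf(pow(X, y, P))

def client_finish(x, Y):
    if not in_subgroup(Y):
        raise ValueError("server value is outside the prime-order subgroup")
    return kdf(pow(Y, x, P))
```

With a wrong password the server's unmasked value is still a valid subgroup element, so the mismatch shows up only as differing session keys.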
- Research Organization:
- Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States)
- Sponsoring Organization:
- USDOE. Office of Advanced Scientific Computing Research. Mathematical Information and Computing Sciences Division; European Commission. IST program Contract IST-2002-507932 ECRYPT
- DOE Contract Number:
- DE-AC02-05CH11231
- OSTI ID:
- 881394
- Report Number(s):
- LBNL-57609-Ext.-Abs.; R&D Project: KL0501; BnR: YN0100000; TRN: US200612%%827
- Resource Relation:
- Conference: ACM Symposium on Information, Computer and Communications Security, Taipei, Taiwan, March 21-24, 2006
- Country of Publication:
- United States
- Language:
- English
Similar Records
New Security Results on Encrypted Key Exchange
Provably-Secure Authenticated Group Diffie-Hellman Key Exchange