Secure password-based authenticated key exchange for web services
This paper discusses an implementation of an authenticated key-exchange method rendered on message primitives defined in the WS-Trust and WS-SecureConversation specifications. This IEEE-specified cryptographic method (AuthA) is proven secure for password-based authentication and key exchange, while WS-Trust and WS-SecureConversation are emerging Web Services Security specifications that extend the WS-Security specification. A prototype of the presented protocol is integrated in the WSRF-compliant Globus Toolkit V4. Further hardening of the implementation is expected to result in a version that will be shipped with future Globus Toolkit releases. This could help to address the current unavailability of decent shared-secret-based authentication options in the Web Services and Grid world. Future work will be to integrate One-Time-Password (OTP) features in the authentication protocol.
- Research Organization: Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States)
- Sponsoring Organization: USDOE Director. Office of Science. Office of Advanced Scientific Computing Research. Mathematical Information and Computing Sciences Division (US)
- DOE Contract Number: AC03-76SF00098
- OSTI ID: 840742
- Report Number(s): LBNL-56361; R&D Project: KL0501; TRN: US200512%%232
- Resource Relation: Conference: ACM Computer and Communications Security (ACM CCS), Workshop on Secure Web Services (SWS), Washington, DC (US), 10/29/2004; Other Information: PBD: 22 Nov 2004
- Country of Publication: United States
- Language: English