U.S. Department of Energy
Office of Scientific and Technical Information

Provably Secure Password-based Authentication in TLS

Conference · OSTI ID:881394

In this paper, we show how to design an efficient, provably secure password-based authenticated key exchange mechanism specifically for the TLS (Transport Layer Security) protocol. The goal is to provide a technique that allows users to employ (short) passwords to securely identify themselves to servers. As our main contribution, we describe a new password-based technique for user authentication in TLS, called Simple Open Key Exchange (SOKE). Loosely speaking, the SOKE ciphersuites are unauthenticated Diffie-Hellman ciphersuites in which the client's Diffie-Hellman ephemeral public value is encrypted using a simple mask generation function. The mask is simply a constant value raised to the power of (a hash of) the password. Compared with previous password-based authentication ciphersuites for TLS, the SOKE ciphersuites combine the following features. First, SOKE has formal security arguments; the proof of security, based on the computational Diffie-Hellman assumption, is in the random oracle model and holds for concurrent executions and for arbitrarily large password dictionaries. Second, SOKE is computationally efficient; in particular, it only needs operations in a sufficiently large prime-order subgroup for its Diffie-Hellman computations (no safe primes). Third, SOKE provides good protocol flexibility because the user identity and password are only required once a SOKE ciphersuite has actually been negotiated, and after the server has sent a server identity.

Research Organization:
Ernest Orlando Lawrence Berkeley National Laboratory, Berkeley, CA (US)
Sponsoring Organization:
USDOE. Office of Advanced Scientific Computing Research. Mathematical Information and Computing Sciences Division; European Commission. IST program Contract IST-2002-507932 ECRYPT
DOE Contract Number:
AC02-05CH11231
OSTI ID:
881394
Report Number(s):
LBNL--57609-Ext.-Abs.; BnR: YN0100000
Country of Publication:
United States
Language:
English

Similar Records

A Security Solution for IEEE 802.11's Ad-hoc Mode: Password-Authentication and Group Diffie-Hellman Key Exchange
Journal Article · Sat Oct 01 00:00:00 EDT 2005 · International Journal of Wireless and Mobile Computing · OSTI ID:920055

Strong Password-Based Authentication in TLS Using the Three-Party Group Diffie-Hellman Protocol
Journal Article · Sat Aug 26 00:00:00 EDT 2006 · International Journal of Security and Networks · OSTI ID:923272

Security Proof for Password Authentication in TLS-Verifier-based Three-Party Group Diffie-Hellman
Technical Report · Mon Apr 21 00:00:00 EDT 2008 · OSTI ID:948495