Provably Secure Password-based Authentication in TLS

Title: Provably Secure Password-based Authentication in TLS

Full Record
Other Related Research

Abstract

In this paper, we show how to design an efficient, provably secure password-based authenticated key exchange mechanism specifically for the TLS (Transport Layer Security) protocol. The goal is to provide a technique that allows users to employ (short) passwords to securely identify themselves to servers. As our main contribution, we describe a new password-based technique for user authentication in TLS, called Simple Open Key Exchange (SOKE). Loosely speaking, the SOKE ciphersuites are unauthenticated Diffie-Hellman ciphersuites in which the client's Diffie-Hellman ephemeral public value is encrypted using a simple mask generation function. The mask is simply a constant value raised to the power of (a hash of) the password.The SOKE ciphersuites, in advantage over previous pass-word-based authentication ciphersuites for TLS, combine the following features. First, SOKE has formal security arguments; the proof of security based on the computational Diffie-Hellman assumption is in the random oracle model, and holds for concurrent executions and for arbitrarily large password dictionaries. Second, SOKE is computationally efficient; in particular, it only needs operations in a sufficiently large prime-order subgroup for its Diffie-Hellman computations (no safe primes). Third, SOKE provides good protocol flexibility because the user identity and password are only required once a SOKE ciphersuite hasmore »« less

Authors:: Abdalla, Michel; Emmanuel, Bresson; Chevassut, Olivier; Moeller, Bodo; Pointcheval, David

Publication Date:: 2005-12-20

Research Org.:: Ernest Orlando Lawrence Berkeley NationalLaboratory, Berkeley, CA (US)

Sponsoring Org.:: USDOE. Office of Advanced Scientific Computing Research.Mathematical Information and Computing Sciences Division; EuropeanCommission. IST program Contract IST-2002-507932 ECRYPT

OSTI Identifier:: 881394

Report Number(s):: LBNL-57609-Ext.-Abs.
R&D Project: KL0501; BnR: YN0100000; TRN: US200612%%827

DOE Contract Number:: DE-AC02-05CH11231

Resource Type:: Conference

Resource Relation:: Conference: ACM Symposium on Information, Computer andCommunications Security, Taipei, Taiwan, March 21-24,2006

Country of Publication:: United States

Language:: English

Subject:: 42 ENGINEERING; COMMUNICATIONS; COMPUTERS; DESIGN; DICTIONARIES; FLEXIBILITY; SECURITY; TRANSPORT

Citation Formats


                    Abdalla, Michel, Emmanuel, Bresson, Chevassut, Olivier, Moeller, Bodo, and Pointcheval, David. Provably Secure Password-based Authentication in TLS.  United States: N. p., 2005. 
        Web.

Copy to clipboard


                    Abdalla, Michel, Emmanuel, Bresson, Chevassut, Olivier, Moeller, Bodo, & Pointcheval, David. Provably Secure Password-based Authentication in TLS.  United States.

Copy to clipboard


                    Abdalla, Michel, Emmanuel, Bresson, Chevassut, Olivier, Moeller, Bodo, and Pointcheval, David. Tue .  
        "Provably Secure Password-based Authentication in TLS".  United States.  https://www.osti.gov/servlets/purl/881394.

Copy to clipboard


                    
@article{osti_881394,

  title        = {Provably Secure Password-based Authentication in TLS},

  author       = {Abdalla, Michel and Emmanuel, Bresson and Chevassut, Olivier and Moeller, Bodo and Pointcheval, David},

  abstractNote = {In this paper, we show how to design an efficient, provably secure password-based authenticated key exchange mechanism specifically for the TLS (Transport Layer Security) protocol. The goal is to provide a technique that allows users to employ (short) passwords to securely identify themselves to servers. As our main contribution, we describe a new password-based technique for user authentication in TLS, called Simple Open Key Exchange (SOKE). Loosely speaking, the SOKE ciphersuites are unauthenticated Diffie-Hellman ciphersuites in which the client's Diffie-Hellman ephemeral public value is encrypted using a simple mask generation function. The mask is simply a constant value raised to the power of (a hash of) the password.The SOKE ciphersuites, in advantage over previous pass-word-based authentication ciphersuites for TLS, combine the following features. First, SOKE has formal security arguments; the proof of security based on the computational Diffie-Hellman assumption is in the random oracle model, and holds for concurrent executions and for arbitrarily large password dictionaries. Second, SOKE is computationally efficient; in particular, it only needs operations in a sufficiently large prime-order subgroup for its Diffie-Hellman computations (no safe primes). Third, SOKE provides good protocol flexibility because the user identity and password are only required once a SOKE ciphersuite has actually been negotiated, and after the server has sent a server identity.},

  doi          = {},

  url          = {https://www.osti.gov/biblio/881394},
  journal      = {},
number       = ,

  volume       = ,

  place        = {United States},

  year         = {2005},

  month        = {12}

}

Copy to clipboard

Conference:

View Conference (0.21 MB)

Other availability

Please see Document Availability for additional information on obtaining the full-text document. Library patrons may search WorldCat to identify libraries that hold this conference proceeding.

Save / Share:

Export Metadata

Save to My Library

Similar records in OSTI.GOV collections:

A Security Solution for IEEE 802.11's Ad-hoc Mode:Password-Authentication and Group Diffie-Hellman Key Exchange

Journal Article Emmanuel, Bresson ; Olivier, Chevassut ; David, Pointcheval - International Journal of Wireless and MobileComputing

The IEEE 802 standards ease the deployment of networkinginfrastructures and enable employers to accesscorporate networks whiletraveling. These standards provide two modes of communication calledinfrastructure and ad-hoc modes. A security solution for the IEEE802.11's infrastructure mode took several years to reach maturity andfirmware are still been upgraded, yet a solution for the ad-hoc modeneeds to be specified. The present paper is a first attempt in thisdirection. It leverages the latest developments in the area ofpassword-based authentication and (group) Diffie-Hellman key exchange todevelop a provably-secure key-exchange protocol for IEEE 802.11's ad-hocmode. The protocol allows users to securely join and leave the wirelessgroupmore »« less
Full Text Available
New Security Results on Encrypted Key Exchange

Conference Bresson, Emmanuel ; Chevassut, Olivier ; Pointcheval, David

Schemes for encrypted key exchange are designed to provide two entities communicating over a public network, and sharing a (short) password only, with a session key to be used to achieve data integrity and/or message confidentiality. An example of a very efficient and ''elegant'' scheme for encrypted key exchange considered for standardization by the IEEE P1363 Standard working group is AuthA. This scheme was conjectured secure when the symmetric-encryption primitive is instantiated via either a cipher that closely behaves like an ''ideal cipher,'' or a mask generation function that is the product of the message with a hash of themore »« less
Full Text Available
Provably-Secure Authenticated Group Diffie-Hellman KeyExchange

Journal Article Bresson, Emmanuel ; Chevassut, Olivier ; Pointcheval, David - ACM Transactions on Information and System Security Journal(TISSEC)

Authenticated key exchange protocols allow two participantsA and B, communicating over a public network and each holding anauthentication means, to exchange a shared secret value. Methods designedto deal with this cryptographic problem ensure A (resp. B) that no otherparticipants aside from B (resp. A) can learn any information about theagreed value, and often also ensure A and B that their respective partnerhas actually computed this value. A natural extension to thiscryptographic method is to consider a pool of participants exchanging ashared secret value and to provide a formal treatment for it. Startingfrom the famous 2-party Diffie-Hellman (DH) key exchange protocol,more »« less
Full Text Available
Security Proof for Password Authentication in TLS-Verifier-based Three-Party Group Diffie-Hellman

Technical Report Chevassut, Olivier ; Milner, Joseph ; Pointcheval, David

The internet has grown greatly in the past decade, by some numbers exceeding 47 million active web sites and a total aggregate exceeding100 million web sites. What is common practice today on the Internet is that servers have public keys, but clients are largely authenticated via short passwords. Protecting these passwords by not storing them in the clear on institutions's servers has become a priority. This paper develops password-based ciphersuites for the Transport Layer Security (TLS) protocol that are: (1) resistant to server compromise; (2) provably secure; (3) believed to be free from patent and licensing restrictions based on anmore »« less
https://doi.org/10.2172/948495

Full Text Available
Strong Password-Based Authentication in TLS Using the Three-PartyGroup Diffie-Hellman Protocol

Journal Article Abdalla, Michel ; Bresson, Emmanuel ; Chevassut, Olivier ; ... - International Journal of Security and Networks

The Internet has evolved into a very hostile ecosystem where"phishing'' attacks are common practice. This paper shows that thethree-party group Diffie-Hellman key exchange can help protect againstthese attacks. We have developed a suite of password-based cipher suitesfor the Transport Layer Security (TLS) protocol that are not onlyprovably secure but also assumed to be free from patent and licensingrestrictions based on an analysis of relevant patents in thearea.

Similar Records