Provably Secure Password-based Authentication in TLS
Abstract
In this paper, we show how to design an efficient, provably secure password-based authenticated key exchange mechanism specifically for the TLS (Transport Layer Security) protocol. The goal is to provide a technique that allows users to employ (short) passwords to securely identify themselves to servers. As our main contribution, we describe a new password-based technique for user authentication in TLS, called Simple Open Key Exchange (SOKE). Loosely speaking, the SOKE ciphersuites are unauthenticated Diffie-Hellman ciphersuites in which the client's Diffie-Hellman ephemeral public value is encrypted using a simple mask generation function. The mask is simply a constant value raised to the power of (a hash of) the password. The SOKE ciphersuites, in advantage over previous password-based authentication ciphersuites for TLS, combine the following features. First, SOKE has formal security arguments; the proof of security based on the computational Diffie-Hellman assumption is in the random oracle model, and holds for concurrent executions and for arbitrarily large password dictionaries. Second, SOKE is computationally efficient; in particular, it only needs operations in a sufficiently large prime-order subgroup for its Diffie-Hellman computations (no safe primes). Third, SOKE provides good protocol flexibility because the user identity and password are only required once a SOKE ciphersuite has actually been negotiated, and after the server has sent a server identity.
- Authors:
- Publication Date:
- Research Org.:
- Ernest Orlando Lawrence Berkeley National Laboratory, Berkeley, CA (US)
- Sponsoring Org.:
- USDOE. Office of Advanced Scientific Computing Research. Mathematical Information and Computing Sciences Division; European Commission. IST program Contract IST-2002-507932 ECRYPT
- OSTI Identifier:
- 881394
- Report Number(s):
- LBNL-57609-Ext.-Abs.
R&D Project: KL0501; BnR: YN0100000; TRN: US200612%%827
- DOE Contract Number:
- DE-AC02-05CH11231
- Resource Type:
- Conference
- Resource Relation:
- Conference: ACM Symposium on Information, Computer and Communications Security, Taipei, Taiwan, March 21-24, 2006
- Country of Publication:
- United States
- Language:
- English
- Subject:
- 42 ENGINEERING; COMMUNICATIONS; COMPUTERS; DESIGN; DICTIONARIES; FLEXIBILITY; SECURITY; TRANSPORT
Citation Formats
Abdalla, Michel, Emmanuel, Bresson, Chevassut, Olivier, Moeller, Bodo, and Pointcheval, David. Provably Secure Password-based Authentication in TLS. United States: N. p., 2005. Web.
Abdalla, Michel, Emmanuel, Bresson, Chevassut, Olivier, Moeller, Bodo, and Pointcheval, David. "Provably Secure Password-based Authentication in TLS". United States. https://www.osti.gov/servlets/purl/881394.
@article{osti_881394,
title = {Provably Secure Password-based Authentication in TLS},
author = {Abdalla, Michel and Emmanuel, Bresson and Chevassut, Olivier and Moeller, Bodo and Pointcheval, David},
abstractNote = {In this paper, we show how to design an efficient, provably secure password-based authenticated key exchange mechanism specifically for the TLS (Transport Layer Security) protocol. The goal is to provide a technique that allows users to employ (short) passwords to securely identify themselves to servers. As our main contribution, we describe a new password-based technique for user authentication in TLS, called Simple Open Key Exchange (SOKE). Loosely speaking, the SOKE ciphersuites are unauthenticated Diffie-Hellman ciphersuites in which the client's Diffie-Hellman ephemeral public value is encrypted using a simple mask generation function. The mask is simply a constant value raised to the power of (a hash of) the password. The SOKE ciphersuites, in advantage over previous password-based authentication ciphersuites for TLS, combine the following features. First, SOKE has formal security arguments; the proof of security based on the computational Diffie-Hellman assumption is in the random oracle model, and holds for concurrent executions and for arbitrarily large password dictionaries. Second, SOKE is computationally efficient; in particular, it only needs operations in a sufficiently large prime-order subgroup for its Diffie-Hellman computations (no safe primes). Third, SOKE provides good protocol flexibility because the user identity and password are only required once a SOKE ciphersuite has actually been negotiated, and after the server has sent a server identity.},
place = {United States},
year = {2005},
month = {dec}
}
-
The Internet has evolved into a very hostile ecosystem where "phishing" attacks are common practice. This paper shows that the three-party group Diffie-Hellman key exchange can help protect against these attacks. We have developed a suite of password-based cipher suites for the Transport Layer Security (TLS) protocol that are not only provably secure but also assumed to be free from patent and licensing restrictions based on an analysis of relevant patents in the area.
-
Security Proof for Password Authentication in TLS-Verifier-based Three-Party Group Diffie-Hellman
The internet has grown greatly in the past decade, by some numbers exceeding 47 million active web sites and a total aggregate exceeding 100 million web sites. What is common practice today on the Internet is that servers have public keys, but clients are largely authenticated via short passwords. Protecting these passwords by not storing them in the clear on institutions' servers has become a priority. This paper develops password-based ciphersuites for the Transport Layer Security (TLS) protocol that are: (1) resistant to server compromise; (2) provably secure; (3) believed to be free from patent and licensing restrictions based on an …
-
Secure password-based authenticated key exchange for web services
This paper discusses an implementation of an authenticated key-exchange method rendered on message primitives defined in the WS-Trust and WS-SecureConversation specifications. This IEEE-specified cryptographic method (AuthA) is proven-secure for password-based authentication and key exchange, while the WS-Trust and WS-SecureConversation are emerging Web Services Security specifications that extend the WS-Security specification. A prototype of the presented protocol is integrated in the WSRF-compliant Globus Toolkit V4. Further hardening of the implementation is expected to result in a version that will be shipped with future Globus Toolkit releases. This could help to address the current unavailability of decent shared-secret-based authentication options in …
-
Provably secure time distribution for the electric grid
We demonstrate a quantum time distribution (QTD) method that combines the precision of optical timing techniques with the integrity of quantum key distribution (QKD). Critical infrastructure is dependent on microprocessor- and programmable logic-based monitoring and control systems. The distribution of timing information across the electric grid is accomplished by GPS signals which are known to be vulnerable to spoofing. We demonstrate a method for synchronizing remote clocks based on the arrival time of photons in a modified QKD system. This has the advantage that the signal can be verified by examining the quantum states of the photons similar to QKD.