Secure password-based cipher suite for TLS
Source: ACM Transactions on Information and System Security (TISSEC)
Volume 4, Issue 2 (May 2001)
Pages: 134-157
Year of Publication: 2001
ISSN: 1094-9224
Publisher: ACM, New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 18,   Downloads (12 Months): 140,   Citation Count: 6
DOI: http://doi.acm.org/10.1145/501963.501965

ABSTRACT

SSL is the de facto standard today for securing end-to-end transport on the Internet. While the protocol itself seems rather secure, there are a number of risks that lurk in its use, for example, in web banking. However, the adoption of password-based key-exchange protocols can overcome some of these problems. We propose the integration of such a protocol (DH-EKE) in the TLS protocol, the standardization of SSL by IETF. The resulting protocol provides secure mutual authentication and key establishment over an insecure channel. It does not have to resort to a PKI or keys and certificates stored on the user's computer. Additionally, its integration in TLS is as minimal and non-intrusive as possible.



REVIEW

"James Speybroeck : Reviewer"

Sophisticated mathematically-based research projects have a way of finding their way into practical and important uses in the real world. This paper is a sophisticated, mathematically-based proposal that may have very important applications in bus...