The Secure Password-Based Authentication Protocol

The Secure Password-Based Authentication Protocol. 20022127 Jeong Yunkyoung, ykjeong@icu.ac.kr. Contents: Introduction; Authentication over an untrusted network; Secure Password Authentication; Previous Work (EKE, SRP, PAK); Future Study; Reference.

Presentation Transcript


  1. The Secure Password-Based Authentication Protocol 20022127 Jeong Yunkyoung ykjeong@icu.ac.kr

  2. Contents
     • Introduction
     • Authentication over an untrusted network
     • Secure Password Authentication
     • Previous Work
       • EKE
       • SRP
       • PAK
     • Future Study
     • Reference

  3. Introduction
     • Techniques for user authentication
       • What a user knows (passwords, PINs)
       • What a user is (voiceprint identification, retinal scanners)
       • What a user has (ID cards, smartcards)
     • The problem of password authentication protocol
       • One party must somehow prove to another party that it knows some password P.
       • telnet, Kerberos: insecure

  4. Authentication over an untrusted network (1)
     • We want a password authentication and key-exchange protocol suitable for authenticating users and exchanging keys over an untrusted network.
     [Diagram: Alice and Bob, each holding Password=“sesame”, connected over the Internet.]

  5. Authentication over an untrusted network (2)
     [Diagram: Alice and Bob, connected over the Internet, each holding Password=“sesame” and K=3A82019B7CE8F1F9.]

  6. Secure Password Authentication
     • Remote user access
       • If one of the entities is a user and the other is a server, then this can be seen as a problem in the area of remote user access.
     • Goal: security without requiring the user to carry or remember anything except a password
     • BUT, a password is “weak”: “easily memorizable”, “low entropy”, “easily guessed”, “drawn from a ‘small’ dictionary”
     • Dictionary attack

  7. Previous Work - EKE
     • Encrypted Key Exchange
     • Steven M. Bellovin, Michael Merritt
     • Notation

  8. Previous Work - EKE
     • Protocol (using RSA)
     • Both parties have cleartext versions of the shared password.
     [Diagram: Alice and Bob, session key K.]

  9. Previous Work - SRP
     • Secure Remote Password Protocol
     • Thomas Wu
     • Notation

  10. Previous Work - SRP
     • Protocol
     • To establish a password P with Steve, Carol picks a random salt s, and computes .
     [Diagram: Carol and Steve.]

  11. Previous Work - PAK
     • Victor Boyko, Philip MacKenzie, Sarvar Patel
     • P=rq+1 for some value r co-prime to q.
     • g is a generator of a subgroup of of size q.
     • The resulting session key is K.
     [Diagram: Alice and Bob.]

  12. Future Study
     • Suggest efficient and secure password-based authentication protocol.
     • Some effort is needed.
     • My approach…
       • Network is insecure.
       • PAP for using a short password.
       • Don’t have cleartext version of the shared password.
       • Less rounding.
       • Using Diffie-Hellman and Hash, etc.

  13. Reference
     • S. M. Bellovin and M. Merritt. Encrypted key exchange: Password-based protocols secure against dictionary attacks. In IEEE Security 92, pages 72-84.
     • S. M. Bellovin and M. Merritt. Augmented encrypted key exchange: Password-based protocols secure against dictionary attacks. In IEEE Security 92, pages 72-84.
     • T. Wu. The secure remote password protocol. In NDSS 98, pages 97-111.
     • V. Boyko, P. MacKenzie, and S. Patel. Provably-secure password authentication and key exchange using Diffie-Hellman. In EUROCRYPT 2000, pages 156-171.
     • P. MacKenzie and R. Swaminathan. Secure network authentication with password information. Manuscript.