1 / 8

Challenge-Response New Authentication Scheme

Challenge-Response New Authentication Scheme. Rifaat Shekh-Yusef IETF 90, CFRG WG, Toronto, Canada July 23, 2014. Overview. Goal Define a new scheme for the challenge-response framework to replace Basic/Digest. How The proposals do not introduce any novel cryptographic algorithms .

ryo
Télécharger la présentation

Challenge-Response New Authentication Scheme

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Challenge-ResponseNew Authentication Scheme RifaatShekh-Yusef IETF 90, CFRG WG, Toronto, Canada July 23, 2014

  2. Overview • Goal • Define a new scheme for the challenge-response framework to replace Basic/Digest. • How • The proposals do not introduce any novel cryptographic algorithms. • The proposals use a combination of existing protocols and algorithms.

  3. Challenge-Response Framework ClientServer -------------------------------------------------------------------- | | | Initial-Request | |------------------------------------------------------------->| | | | Challenge [Scheme] | |<-------------------------------------------------------------| | | | Response[Scheme] | |------------------------------------------------------------->| | | | Confirmation| |<-------------------------------------------------------------| | | Usage This framework is used by a variety of protocols; e.g. HTTP, SIP, OAuth, STUN,…

  4. Basic/Digest Schemes Issues • Weak protection of passwords at rest. • Low entropy passwords. • Password/password-hash sent on the wire. • Optional support for mutual authentication. • Susceptible to downgrade attack. • Susceptible to replay attack (depends on qop) • And more

  5. PBKDF2-JPAKE-based Proposal • PBKDF2 • Derive a key from the shared password. • Store the key in the DB. • JPAKE • Three-pass Variant • Key Confirmation To fit the above into the challenge-response framework, the proposal: • Uses the PBKDF2 key as an input to JPAKE. • Utilizes the Initial-Request. • Combines the Key Confirmationprocedure with the Three-pass Variantprocedure.

  6. Key-Derivation Proposal • Scrypt-based scheme: • Derive a key from the shared password. • Store the key in the DB. • Use the key to establish mutual authentication. • Never send the password or the key on the wire. • Key-derived data will be sent on the wire

  7. Questions • Can the WG agree on one or more PAKE protocols to consider? • Should the Key-Derivation proposal be considered and discussed here?

  8. References • PBKDF2 • "NIST Special Publication 800-132 - Recommendations for Password-Based Key Derivations", December 2010.http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf • SCRYPT • Percival, C., Josefsson, S., "The scrypt Password-Based Key Derivation Function", "draft-josefsson-scrypt-kdf-01" (Work In Progress), September 2012. • JPAKE • Hao, F., "J-PAKE: Password Authenticated Key Exchange by Juggling", draft-hao-jpake-01, (Work In Progress), December 2013.

More Related