the secure password-based authentication protocol

The Secure Password-Based Authentication Protocol 20022127 Jeong Yunkyoung [email protected]

Upload: arion

Post on 05-Jan-2016


TRANSCRIPT

Page 1: The Secure Password-Based Authentication Protocol

The Secure Password-Based Authentication Protocol

20022127 Jeong Yunkyoung [email protected]

Page 2: The Secure Password-Based Authentication Protocol

Contents

Introduction
Authentication over an untrusted network
Secure Password Authentication
Previous Work
  EKE
  SRP
  PAK
Future Study
Reference

Page 3: The Secure Password-Based Authentication Protocol

Introduction

Techniques for user authentication
  What a user knows (passwords, PINs)
  What a user is (voiceprint identification, retinal scanners)
  What a user has (ID cards, smartcards)

The problem of password authentication protocol
  One party must somehow prove to another party that it knows some password P.
  telnet, Kerberos: insecure

Page 4: The Secure Password-Based Authentication Protocol

Authentication over an untrusted network (1)

We want a password authentication and key-exchange protocol suitable for authenticating users and exchanging keys over an untrusted network.

[Figure: Alice and Bob, each holding Password=“sesame”, connected over the Internet.]

Page 5: The Secure Password-Based Authentication Protocol

Authentication over an untrusted network (2)

[Figure: Alice and Bob, each holding Password=“sesame” and K=3A82019B7CE8F1F9, connected over the Internet.]

Page 6: The Secure Password-Based Authentication Protocol

Secure Password Authentication

Remote user access
  If one of the entities is a user and the other is a server, then this can be seen as a problem in the area of remote user access.

Goal: security without requiring the user to carry/remember anything except password

BUT, Password is “weak”:
  “easily memorizable”
  “low entropy”
  “easily guessed”
  “drawn from a ‘small’ dictionary”

Dictionary attack

Page 7: The Secure Password-Based Authentication Protocol

Previous Work - EKE

Encrypted Key Exchange
Steven M. Bellovin, Michael Merritt

Notation
  $A, B$ : System principals (Alice and Bob).
  $P$ : The password: a shared secret, often used as a key.
  $R_A, R_B$ : Random exponents.
  $K$ : Random secret keys (for symmetric cryptosystems).
  $K(\text{info})$ : Symmetric (secret-key) encryption of "info" with key R.
  $K^{-1}(\text{info})$ : Symmetric (secret-key) decryption of "info" with key R.
  $\text{challenge}_A$ : A random challenge generated by A.
  $\text{challenge}_B$ : A random challenge generated by B.
  base, modulus : Base and modulus for discrete exponentiation.

Page 8: The Secure Password-Based Authentication Protocol

Previous Work - EKE

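Protocol (using RSA)

Both parties have cleartext versions of the shared password.

  1. Alice → Bob : $A,\ P[\text{base}^{R_A} \pmod{\text{modulus}}]$
  2. Bob → Alice : $P[\text{base}^{R_B} \pmod{\text{modulus}}],\ K[\text{challenge}_B]$
  3. Alice → Bob : $K[\text{challenge}_A, \text{challenge}_B]$
  4. Bob → Alice : $K[\text{challenge}_A]$

  Session key: $K$ from $(\text{base}^{R_A R_B} \pmod{\text{modulus}})$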

Page 9: The Secure Password-Based Authentication Protocol

Previous Work - SRP

Secure Remote Password Protocol
Thomas Wu

Notation
  $n$ : A large prime number. All computations are performed modulo $n$.
  $g$ : A primitive root modulo $n$ (often called a generator).
  $s$ : A random string used as the user's salt.
  $P$ : The user's password.
  $x$ : A private key derived from the password and salt.
  $v$ : The host's password verifier.
  $u$ : Random scrambling parameter, publicly revealed.
  $a, b$ : Ephemeral private keys, generated randomly and not publicly revealed.
  $A, B$ : Corresponding public keys.
  $H()$ : One-way hash function.
  $K$ : Session key.

Page 10: The Secure Password-Based Authentication Protocol

Previous Work - SRP

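Protocol

To establish a password $P$ with Steve, Carol picks a random salt $s$, and computes $x = H(s, P)$, $v = g^x$.

  1. Carol → Steve : $C$ (user name)
     Steve : (lookup $s$, $v$)
  2. Steve → Carol : $s$
     Carol : $x = H(s, P)$
  3. Carol : $A = g^a$;  Carol → Steve : $A$
  4. Steve : $B = v + g^b$;  Steve → Carol : $B, u$
  5. Carol : $S = (B - g^x)^{a + ux}$, $K = H(S)$
     Steve : $S = (A v^u)^b$, $K = H(S)$
  6. Carol → Steve : $M_1 = H(A, B, K)$;  Steve : (verify $M_1$)
  7. Steve → Carol : $M_2 = H(A, M_1, K)$;  Carol : (verify $M_2$)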
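The SRP exchange on this slide, run end to end with both sides' computations, as an added example that is not part of the original slides. Assumptions: SHA-256 stands in for H(), the group n = 2^255 - 19 with g = 2 is a demo parameter, the function names are illustrative, and the rejection of A or B equal to 0 mod n is a standard safeguard that the slide does not show.

```python
import hashlib, hmac, secrets
# Demo group (assumption, not from the slides); production SRP uses a vetted safe-prime group.
n, g = 2**255 - 19, 2

def H(*parts):
    """One-way hash H() over length-prefixed parts (bytes or int); returns 32 bytes."""
    h = hashlib.sha256()
    for p in parts:
        b = p if isinstance(p, bytes) else p.to_bytes(64, "big")
        h.update(len(b).to_bytes(4, "big") + b)
    return h.digest()

def enroll(P):
    """Carol picks salt s, computes x = H(s, P) and v = g^x; Steve stores (s, v)."""
    s = secrets.token_bytes(16)
    return s, pow(g, int.from_bytes(H(s, P), "big"), n)

def steve_challenge(A, v):
    """Steve picks b and u, returns (b, B, u) with B = v + g^b."""
    if A % n == 0:  # A = 0 would force S = 0 on Steve's side whatever the password is
        raise ValueError("A is 0 mod n")
    b, u = secrets.randbelow(n - 2) + 1, secrets.randbelow(2**32 - 1) + 1
    return b, (v + pow(g, b, n)) % n, u

def carol_key(P, s, a, B, u):
    """Carol: x = H(s, P), S = (B - g^x)^(a + ux), K = H(S)."""
    if B % n == 0:
        raise ValueError("B is 0 mod n")
    x = int.from_bytes(H(s, P), "big")
    return H(pow((B - pow(g, x, n)) % n, a + u * x, n))

def steve_key(A, v, u, b):
    """Steve: S = (A * v^u)^b, K = H(S)."""
    return H(pow(A * pow(v, u, n) % n, b, n))

def login(P_typed, record):
    """Run one exchange; return the shared K, or raise if M1 or M2 does not verify."""
    s, v = record                        # Steve: lookup (s, v) for user C
    a = secrets.randbelow(n - 2) + 1     # Carol's ephemeral private key
    A = pow(g, a, n)                     # Carol -> Steve: A
    b, B, u = steve_challenge(A, v)      # Steve -> Carol: B, u
    K_c, K_s = carol_key(P_typed, s, a, B, u), steve_key(A, v, u, b)
    M1 = H(A, B, K_c)                    # Carol -> Steve: M1
    if not hmac.compare_digest(M1, H(A, B, K_s)):
        raise ValueError("Steve: M1 does not verify")
    M2 = H(A, M1, K_s)                   # Steve -> Carol: M2
    if not hmac.compare_digest(M2, H(A, M1, K_c)):
        raise ValueError("Carol: M2 does not verify")
    return K_c
```

Steve stores only s and v, never P, and a wrong password surfaces as a failed M1 check rather than as anything an eavesdropper can test guesses against.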

Page 11: The Secure Password-Based Authentication Protocol

Previous Work - PAK

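Victor Boyko, Philip MacKenzie, Sarvar Patel

$p = rq + 1$ for some value $r$ co-prime to $q$. $g$ is a generator of a subgroup of $Z_p^*$ of size $q$. The resulting session key is $K$.

[Protocol diagram, Alice ↔ Bob. Recoverable elements: Alice picks $x \in_R Z_q$ and sends $m$, computed from $g^x$ and $(H_1(A, B, \ldots))^r$. Bob tests $m \not\equiv 0 \bmod p$, picks $y \in_R Z_q$, and replies with a value together with $k = H_{2a}(A, B, m, \ldots)$. Alice tests $k = H_{2a}(A, B, m, \ldots)$, computes $k' = H_{2b}(A, B, m, \ldots)$ and $K = H_3(A, B, m, \ldots)$, and sends $k'$. Bob tests $k' = H_{2b}(A, B, m, \ldots)$ and computes $K = H_3(A, B, m, \ldots)$.]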

Page 12: The Secure Password-Based Authentication Protocol

Future Study

Some effort is needed.
My approach…
  Network is insecure.
  PAP for using a short password.
  Don’t have cleartext version of the shared password.
  Less rounding.
  Using Diffie-Hellman and Hash, etc.

Suggest efficient and secure password-based authentication protocol.

Page 13: The Secure Password-Based Authentication Protocol

Reference

S. M. Bellovin and M. Merritt. Encrypted key exchange: Password-based protocols secure against dictionary attacks. In IEEE Security 92, pages 72-84.

S. M. Bellovin and M. Merritt. Augmented encrypted key exchange: Password-based protocols secure against dictionary attacks. In IEEE Security 92, pages 72-84.

T. Wu. The secure remote password protocol. In NDSS 98, pages 97-111.

V. Boyko, P. MacKenzie, and S. Patel. Provably-secure password authentication and key exchange using Diffie-Hellman. In EUROCRYPT 2000, pages 156-171.

P. MacKenzie and R. Swaminathan. Secure network authentication with password information. Manuscript.