the secure password-based authentication protocol
DESCRIPTION
The Secure Password-Based Authentication Protocol. 20022127 Jeong Yunkyoung [email protected]. Contents. Introduction Authentication over an untrusted network Secure Password Authentication Previous Work EKE SRP PAK Future Study Reference. Introduction. - PowerPoint PPT PresentationTRANSCRIPT
The Secure Password-Based Authentication Protocol
20022127Jeong [email protected]
Contents
Introduction Authentication over an untrusted network Secure Password Authentication Previous Work
EKE SRP PAK
Future Study Reference
Introduction
Techniques for user authentication What a user knows (passwords, PINs) What a user is (voiceprint identification, retinal scanners) What a user has (ID cards, smartcards)
The problem of password authentication protocol One party must somehow prove to another party that it kno
ws some password P. telnet, Kerberos : insecure
Authentication over an untrusted network(1) We want a password authentication and key-exchang
e protocol suitable for authenticating users and exchanging keys over an untrusted network.
Alice Bob
Password=“sesame” Password=“sesame”
The Internet
Authentication over an untrusted network(2)
Alice Bob
Password=“sesame”K=3A82019B7CE8F1F9
Password=“sesame”K=3A82019B7CE8F1F9
The Internet
Secure Password Authentication
Remote user access If one of the entities is a user and the other is a server, the
n this can be seen as a problem in the area of remote user access.
Goal: security without requiring the user to carry/remember anything except password
BUT, Password is “weak” : “easily memorizable” “low entropy” “easily guessed” “drawn from a ‘small’ dictionary”
Dictionary attack
Previous Work - EKE
Encrypted Key Exchange Steven M. Bellovin, Michael Merritt Notation
tion.exponentia discretefor modulus and Base : ,
B.by generated challenge randomA :
A.by generated challenge randomA :
R.key with info"" of decryption key)-(secret Symmetric :)(
R.key with info"" of encryption key)-(secret Symmetric : )(
ems).cryptosyst symmetric(for keyssecret Random :
exponents. Random : ,
key. a as usedoften secret, shared a : password The :
Bob) and (Alice .Principals System:,
1
B
A
BA
challenge
challenge
foinK
foinK
K
RR
P
BA
Previous Work - EKE
Protocol (using RSA)
Both parites have cleartext versions of the shared password.
)](mod[, ARPA
AliceAlice BobBob
))(mod( BA RR)](mod[ BRP
],[ BA challengechallengeK
][ AchallengeK
][ BchallengeKK
Previous Work - SRP
Secure Remote Password Protocol Thomas Wu Notation
key.Session :
function.hash way -One : ()
keys. public ingCorrespond : ,
revealed.publicly not andrandomly generated keys, private Ephermeral : ,
revealed.publicly parameter, scrambling Random :
verifier.password shost' The :
. and password thefrom derivedkey privateA :
password. suser' The :
salt. suser' theas used string randomA :
). a called(often moduloroot primitive :
. modulo performed are nscomputatio All number. prime largeA :
K
H
BA
ba
u
v
saltx
P
s
generatorn g
nn
Previous Work - SRP
Protocol To establish a password P with Steve, Carol picks a
random salt s, and computes .
name)user (C), lookup( vs
s),( PsHx
agA A
)(
)(
SHK
AvS
gvBbu
b
uB,
)(
)(
SHK
gBS uxax
),,(1 KBAHM
),,( 12 KMAHM
)verify ( 1M
)verify ( 2M 2M
1M
CarolCarol Steve
Steve
xgvPsHx ),,(
Previous Work - PAK
Victor Boyko, Philip MacKenzie, Sarvar patel P=rq+1 for some value r co-prime to q. g is a generator of a subgroup of of size q. The resulting session key is K.
AliceAlice BobBob
rx
qR
BAHgm
Zx
)),,(( 1
m
),,,,,(
))),,((
mod0
2
1
?
mBAHk
BAH
m
g
Zy
pmTest
a
r
y
qR
k,
),,,,,(
),,,,,('
),,,,,(Test
3
2
2
?
mBAHK
mBAHk
mBAHk
b
a
x
'k
),,,,,(
),,,,,('Test
3
2
?
mBAHK
mBAHk b
),( BA *pZ
Future Study
Some effort is needed. My approach…
Network is insecure. PAP for using a short password. Don’t have cleartext version of the shared password. Less rounding. Using Diffie-Hellman and Hash,etc.
Suggest efficient and secure password-based
authentication protocol.
Reference
S.M.Bellovin and M.Merritt. Encrypted key exchange: Password-based protocols secure against dictionary attacks. In IEEE Security 92, pages 72-84.
S.M.Bellovin and M.Merritt. Augumented encrypted key exchange: Password-based protocols secure against dictionary attacks. In IEEE Security 92, pages 72-84.
T.Wu. The secure remote password protocol. In NDSS 98, pages 97-111
V.Boyko, P.MacKenzie, and S.Patel. Provably-secure password authentication and key exchange using Diffie-Hellman. In EUROCRYPT2000 , PAGES 156-171.
P.MacKenzie and R.Swaminathan. Secure network authentication with password information. Manuscript.