Title :
Number theoretic attacks on secure password schemes
Author_Institution :
Math. & Cryptography Res. Group, Bellcore, Morristown, NJ, USA
Abstract :
Encrypted Key Exchange (EKE) (S. Bellovin and M. Merritt, 1992; 1993) allows two parties sharing a password to exchange authenticated information over an insecure network by using a combination of public and secret key cryptography. EKE promises security against active attacks and dictionary attacks. Other secure protocols have been proposed based on the use of randomized confounders (L. Gong et al., 1993). We use some basic results from number theory to present password guessing attacks on all versions of EKE discussed in the paper (S. Bellovin and M. Merritt, 1992) and we also offer countermeasures to the attacks. However for the RSA version of EKE, we show that simple modifications are not enough to rescue the protocol. Attacks are also presented on half encrypted versions of EKE. We also show how randomized confounders cannot protect Direct Authentication Protocol and Secret Public Key Protocol versions of a secure password scheme from attacks. We discuss why these attacks are possible against seemingly secure protocols and what is necessary to make secure protocols
Keywords :
authorisation; computer network management; cryptography; message authentication; number theory; Direct Authentication Protocol; EKE; Encrypted Key Exchange; RSA version; Secret Public Key Protocol versions; active attacks; authenticated information exchange; dictionary attacks; half encrypted versions; insecure network; number theoretic attacks; password guessing attacks; randomized confounders; secret key cryptography; secure password schemes; secure protocols; Authentication; Cryptography; Dictionaries; Humans; Information security; Protection; Protocols; Public key; Random number generation;
Conference_Titel :
Security and Privacy, 1997. Proceedings., 1997 IEEE Symposium on
Conference_Location :
Oakland, CA
Print_ISBN :
0-8186-7828-3
DOI :
10.1109/SECPRI.1997.601340
