Title :
Extended password key exchange protocols immune to dictionary attack
Author :
Jablon, David P.
Author_Institution :
Integrity Sci. Inc., USA
Abstract :
Strong password methods verify even small passwords over a network without additional stored keys or certificates with the user, and without fear of network dictionary attack. We describe a new extension to further limit exposure to theft of a stored password-verifier, and apply it to several protocols including the Simple Password Exponential Key Exchange (SPEKE). Alice proves knowledge of a password C to Bob, who has a stored verifier S, where S=gC mod p. They perform a SPEKE exchange based on the shared secret S to derive ephemeral shared key K1. Bob chooses a random X and sends gX mod p. Alice computes K=gXC mod p, and proves knowledge of {K1 ,K2}. Bob verifies this result to confirm that Alice knows C. Implementation issues are summarized, showing the potential for improved performance over Bellovin and Merritt´s comparably strong Augmented-Encrypted Key Exchange. These methods make the password a strong independent factor in authentication, and are suitable for both Internet and intranet use
Keywords :
Internet; access protocols; message authentication; security of data; Internet; Simple Password Exponential Key Exchange; authentication; dictionary attack; extended password key exchange protocols; intranet use; stored password-verifier; Authentication; Computer security; Data security; Databases; Dictionaries; Entropy; Internet; Protection; Protocols; Public key cryptography;
Conference_Titel :
Enabling Technologies: Infrastructure for Collaborative Enterprises, 1997. Proceedings., Sixth IEEE Workshops on
Conference_Location :
Cambridge, MA
Print_ISBN :
0-8186-7967-0
DOI :
10.1109/ENABL.1997.630822
