DocumentCode
869432
Title
Key-exchange authentication using shared secrets
Author
Badra, Mohamad ; Hajjeh, Ibrahim
Author_Institution
Comput. Sci. & Network Dept., Ecole Nat. Superieure des Mines de Telecommun., Paris, France
Volume
39
Issue
3
fYear
2006
fDate
3/1/2006 12:00:00 AM
Firstpage
58
Lastpage
66
Abstract
The Transport Layer Security (TLS) standard provides connection security with peer entity authentication, data confidentiality and integrity, key generation and distribution, and security parameters negotiation. Its native integration in browsers and Web servers makes TLS the most frequently deployed security protocol. The TLS specifications use public-key certificates for mutual authentication and key establishment. We extend the TLS protocol with a new authentication scheme based on an out-of-band shared secret. Our extension, the TLS key-exchange method (KEM), ensures an end-to-end authenticated session-key exchange and allows identity protection, perfect forward secrecy (PFS), and anonymity. Furthermore, it reduces message flow and thus bandwidth on both wired and wireless networks.
Keywords
IEEE standards; data integrity; message authentication; mobile communication; public key cryptography; telecommunication security; TLS key-exchange method; TLS protocol; Transport Layer Security standard; data anonymity; data confidentiality; data integrity; identity protection; key-exchange authentication; message authentication; public-key certificates; security parameter negotiation; Access protocols; Authentication; Certification; Communication system security; Cryptographic protocols; Data security; Phase shift keying; Protection; Public key cryptography; Wireless networks; Authentication and key exchange protocols; Wireless communications; Wireless security;
fLanguage
English
Journal_Title
Computer
Publisher
IEEE
ISSN
0018-9162
Type
jour
DOI
10.1109/MC.2006.94
Filename
1607951