Password-authenticated key exchange based on RSA |
| |
Authors: | Philip MacKenzie Sarvar Patel Ram Swaminathan |
| |
Affiliation: | 1. Bell Laboratories, Lucent Technologies, Murray Hill, NJ, 07974, USA 2. Google, Inc, 1600 Amphitheatre Parkway, Mountain View, CA, 94043, USA 3. Google, Inc, 76 9th Ave, New York, NY, 10011, USA 4. Hewlett-Packard Laboratories, 1501 Page Mill Road, Palo Alto, CA, 94304, USA
|
| |
Abstract: | There have been many proposals in recent years for password-authenticated key exchange protocols, i.e., protocols in which
two parties who share only a short secret password perform a key exchange authenticated with the password. However, the only
ones that have been proven secure against offline dictionary attacks were based on Diffie–Hellman key exchange. We examine
how to design a secure password-authenticated key exchange protocol based on RSA. In this paper, we first look at the OKE
and protected-OKE protocols (both RSA-based) and show that they are insecure. Then we show how to modify the OKE protocol
to obtain a password-authenticated key exchange protocol that can be proven secure (in the random oracle model). This protocol
is very practical; in fact, it requires about the same amount of computation as the Diffie–Hellman-based protocols. Finally,
we present an augmented protocol that is resilient to server compromise, meaning (informally) that an attacker who compromises
a server would not be able to impersonate a client, at least not without running an offline dictionary attack against that
client’s password. |
| |
This document has been indexed by SpringerLink and other databases! |
|