Provably Secure Password-Based Authentication in TLS (Extended abstract)

this paper, we show how to design an ecient, provably secure password-based authenticated key exchange mecha- nism specifically for the TLS (Transport Layer Security) protocol. The goal is to provide a technique that allows users to employ (short) passwords to securely identify them- selves to servers. As our main contribution, we describe a new password-based technique for user authentication in TLS, called Simple Open Key Exchange (SOKE). Loosely speaking, the SOKE ciphersuites are unauthenticated Die- Hellman ciphersuites in which the client's Die-Hellman ephemeral public value is encrypted using a simple mask generation function. The mask is simply a constant value raised to the power of (a hash of) the password. The SOKE ciphersuites, in advantage over previous pass- word-based authentication ciphersuites for TLS, combine the following features. First, SOKE has formal security ar- guments; the proof of security based on the computational Die-Hellman assumption is in the random oracle model, and holds for concurrent executions and for arbitrarily large password dictionaries. Second, SOKE is computationally ef- ficient; in particular, it only needs operations in a suciently large prime-order subgroup for its Die-Hellman computa-

[1]  Ian Foster,et al.  The Grid 2 - Blueprint for a New Computing Infrastructure, Second Edition , 1998, The Grid 2, 2nd Edition.

[2]  Ian T. Foster,et al.  A security architecture for computational grids , 1998, CCS '98.

[3]  Rafail Ostrovsky,et al.  Forward Secrecy in Password-Only Key Exchange Protocols , 2002, SCN.

[4]  David Pointcheval,et al.  Simple Password-Based Encrypted Key Exchange Protocols , 2005, CT-RSA.

[5]  David Pointcheval,et al.  Password-Based Authenticated Key Exchange in the Three-Party Setting , 2005, Public Key Cryptography.

[6]  Steven M. Bellovin,et al.  Encrypted key exchange: password-based protocols secure against dictionary attacks , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[7]  Michael Waidner,et al.  Secure password-based cipher suite for TLS , 2001, NDSS.

[8]  Stefan Lucks,et al.  Open Key Exchange: How to Defeat Dictionary Attacks Without Encrypting Public Keys , 1997, Security Protocols Workshop.

[9]  Emmanuel Bresson,et al.  New Security Results on Encrypted Key Exchange , 2003, Public Key Cryptography.

[10]  E. Bresson,et al.  Security Proofs for an Ecien t Password-Based Key Exchange , 2003 .

[11]  Emmanuel Bresson,et al.  Security proofs for an efficient password-based key exchange , 2003, CCS '03.

[12]  Jacques Stern,et al.  Security Arguments for Digital Signatures and Blind Signatures , 2015, Journal of Cryptology.

[13]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[14]  Sarvar Patel,et al.  Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman , 2000, EUROCRYPT.

[15]  Olivier Chevassut,et al.  Secure password-based authenticated key exchange for web services , 2004, SWS '04.

[16]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[17]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[18]  Mihir Bellare,et al.  Authenticated Key Exchange Secure against Dictionary Attacks , 2000, EUROCRYPT.

[19]  Steven M. Bellovin,et al.  Augmented encrypted key exchange: a password-based protocol secure against dictionary attacks and password file compromise , 1993, CCS '93.

[20]  Olivier Chevassut,et al.  One-Time Verifier-Based Encrypted Key Exchange , 2005, Public Key Cryptography.

[21]  Dave Taylor,et al.  Using SRP for TLS Authentication , 2001 .