Password-based authentication and key distribution protocols with perfect forward secrecy

In an open networking environment, a workstation usually needs to identify its legitimate users before providing its services. Kerberos provides an efficient approach in which a trusted third-party authentication server verifies users' identities. However, Kerberos requires the user to hold a strong cryptographic secret for user authentication, and it is therefore vulnerable to password guessing attacks when the user chooses a weak password for convenience. In this paper, we focus on an environment in which users can use easy-to-remember passwords. Besides resistance to password guessing attacks, perfect forward secrecy (PFS for short) is another important security consideration when designing an authentication and key distribution protocol. Based on which of three long-term secrets a protocol protects, namely the client's password, the application server's secret key, and the authentication server's private key, we define seven classes of perfect forward secrecy and focus on protocols achieving class-1, class-3, and class-7 because of their hierarchical relations. We then propose three secure authentication and key distribution protocols that provide perfect forward secrecy of these three classes. All of these protocols are efficient in protecting poorly-chosen user passwords from guessing attacks and replay attacks.
