Efficient Augmented Password-Only Authentication and Key Exchange for IKEv2

This document describes an efficient augmented password-only authentication and key exchange (AugPAKE) protocol where a user remembers a low-entropy password and its verifier is registered in the intended server. In general, the user password is chosen from a small set of dictionary words that allows an attacker to perform exhaustive searches (i.e., off-line dictionary attacks). The AugPAKE protocol described here is secure against passive attacks, active attacks, and off-line dictionary attacks (on the obtained messages with passive/active attacks), and also provides resistance to server compromise (in the context of augmented PAKE security). In addition, this document describes how the AugPAKE protocol is integrated into the Internet Key Exchange Protocol version 2 (IKEv2). This document defines an Experimental Protocol for the Internet community.

[1]  Kurt D. Zeilenga,et al.  SASLprep: Stringprep Profile for User Names and Passwords , 2005, RFC.

[2]  Elaine B. Barker,et al.  SP 800-56A. Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography (Revised) , 2007 .

[3]  William E. Burr,et al.  Electronic Authentication Guideline | NIST , 2004 .

[4]  Stephen T. Kent,et al.  Additional Diffie-Hellman Groups for Use with IETF Standards , 2008, RFC.

[5]  Lidong Chen,et al.  Recommendation for Key Derivation Using Pseudorandom Functions (Revised) , 2009 .

[6]  Paul E. Hoffman,et al.  Preparation of Internationalized Strings ("stringprep") , 2002, RFC.

[7]  Elaine B. Barker,et al.  Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography , 2007 .

[8]  Tero Kivinen Secure Password Framework for Internet Key Exchange Version 2 (IKEv2) , 2011, RFC.

[9]  Steven M. Bellovin,et al.  Augmented encrypted key exchange: a password-based protocol secure against dictionary attacks and password file compromise , 1993, CCS '93.

[10]  Thomas Wu,et al.  The SRP Authentication and Key Exchange System , 2000, RFC.

[11]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[12]  SeongHan Shin,et al.  Security Proof of AugPAKE , 2010, IACR Cryptol. ePrint Arch..

[13]  Scott O. Bradner,et al.  Key words for use in RFCs to Indicate Requirement Levels , 1997, RFC.

[14]  Jari Arkko,et al.  The Network Access Identifier , 2005, RFC.

[15]  Ray A. Perlner,et al.  Electronic Authentication Guideline , 2014 .

[16]  Steven M. Bellovin,et al.  Encrypted key exchange: password-based protocols secure against dictionary attacks , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[17]  Paul E. Hoffman,et al.  Internet Key Exchange Protocol Version 2 (IKEv2) , 2010, RFC.

[18]  Dan Harkins Password-Based Authentication in IKEv2: Selection Criteria and Considerations , 2010 .