Abstract:
In this paper, we show how to design an efficient, provably secure
password-based authenticated key exchange mechanism specifically for
the TLS (Transport Layer Security) protocol. The goal is to provide a
technique that allows users to employ (short) passwords to securely
identify themselves to servers. As our main contribution, we describe
a new password-based technique for user authentication in TLS, called
Simple Open Key Exchange (SOKE). Loosely speaking, the
SOKE ciphersuites are unauthenticated Diffie-Hellman ciphersuites
in which the client's Diffie-Hellman ephemeral public value is
encrypted using a simple mask generation function. The mask is simply
a constant value raised to the power of (a hash of) the password.
Compared with previous password-based authentication ciphersuites
for TLS, the SOKE ciphersuites have the advantage of combining the
following features. First, SOKE has formal security arguments; the proof of
security based on the computational Diffie-Hellman assumption is in
the random oracle model, and holds for concurrent executions and for
arbitrarily large password dictionaries. Second, SOKE is
computationally efficient; in particular, it only needs operations in
a sufficiently large prime-order subgroup for its Diffie-Hellman
computations (no safe primes).
Third, SOKE provides good protocol flexibility because the user identity
and password are only required once a SOKE ciphersuite has actually
been negotiated, and after the server has sent a server identity.
Keywords:
Encrypted Key Exchange, Password Authentication, TLS.
Reference: Proceedings of the ACM Symposium on InformAtion, Computer and Communications Security (ASIACCS'06), Taipei, Taiwan, March 21-24, 2006.
Full paper: PostScript, PDF.
Presentation: PDF.
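
The masking idea from the abstract, as an added Python sketch that is not code from the paper: the client's ephemeral Diffie-Hellman value is multiplied by a constant raised to a hash of the password, and the server divides the mask out again. Assumptions not taken from the page: the demo-sized group (Mersenne prime order `Q`, a prime `p = k*Q + 1` found at run time), the choice of `g` and `U`, SHA-256 as the password hash, the hypothetical `key` derivation, and the subgroup check; identities, TLS message framing and key confirmation are left out.

```python
import hashlib
import secrets

Q = 2**521 - 1  # Mersenne prime used as the subgroup order (demo choice)

def is_probable_prime(n, bases=(2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)):
    """Miller-Rabin with fixed bases; adequate for this demo only."""
    if n < 2 or any(n % b == 0 for b in bases):
        return n in bases
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def make_group():
    """Find a prime p = k*Q + 1 (not a safe prime) and two order-Q elements."""
    k = 2
    while not is_probable_prime(p := k * Q + 1):
        k += 2
    g, U = [e for h in range(2, 20) if (e := pow(h, k, p)) != 1][:2]
    return p, g, U

def mask(p, U, password):
    """The mask: constant U raised to a hash of the password."""
    h = int.from_bytes(hashlib.sha256(password.encode()).digest(), "big")
    return pow(U, h % Q, p)

def key(p, z):  # hypothetical key derivation: SHA-256 of the shared DH value
    return hashlib.sha256(z.to_bytes((p.bit_length() + 7) // 8, "big")).hexdigest()

def run_exchange(p, g, U, client_pw, server_pw):
    """Run one exchange and return (client_key, server_key)."""
    x, y = (secrets.randbelow(Q - 1) + 1 for _ in range(2))
    x_masked = pow(g, x, p) * mask(p, U, client_pw) % p    # client -> server
    y_pub = pow(g, y, p)                                   # server -> client
    x_pub = x_masked * pow(mask(p, U, server_pw), p - 2, p) % p  # unmask
    if pow(x_pub, Q, p) != 1 or x_pub == 1:   # subgroup check (added hygiene)
        raise ValueError("value outside the order-Q subgroup")
    return key(p, pow(y_pub, x, p)), key(p, pow(x_pub, y, p))
```

With matching passwords both sides derive the same key; with a wrong password the server removes a different mask and the two keys disagree.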