Abstract:
"Grid" technology enables complex interactions among
computational and data resources; however, to be deployed in
production computing environments, "Grid" needs to implement
additional security mechanisms. Recent compromises of user and
server machines at Grid sites have resulted in a need for secure
password-authentication key-exchange technologies. AuthA is an
example of such a technology considered for standardization by the
IEEE P1363.2 working group. Unfortunately, in its current form
AuthA does not achieve the notion of forward secrecy
in a provably secure way, nor does it allow a Grid user to log into
his account using an untrusted computer. This paper addresses
this void by first proving that AuthA indeed achieves this
goal, and then by modifying it in such a way that it is secure
against attacks using captured user passwords or server data.
Keywords: Authenticated Key Exchange, Diffie-Hellman, Password-Based Authentication, Dictionary Attacks
Reference:
Proceedings of the International Workshop on Practice and Theory in
Public Key Cryptography (PKC),
Feb 23-26, Switzerland, 2005, pp ??.
Full paper: PostScript, Compressed PostScript. PDF, Compressed PDF.
Presentation: PDF.
Related papers:
E. Bresson, O. Chevassut and D. Pointcheval, "Security Proofs for an
Efficient Password-based Key Exchange", ACM Conference on Computer and
Communications Security,
October 27-30, Washington, DC, USA, 2003.