Abstract:
This paper discusses an implementation of an authenticated key-exchange method rendered on message primitives defined in the WS-Trust and WS-SecureConversation specifications. This IEEE-specified cryptographic method (AuthA) is proven secure for password-based authentication and key exchange, while WS-Trust and WS-SecureConversation are emerging Web Services Security specifications that extend the WS-Security specification. A prototype of the presented protocol is integrated in the WS-ResourceFramework-compliant Globus Toolkit V4. Further hardening of the implementation is expected to result in a version that will be shipped with future Globus Toolkit releases. This could help address the current unavailability of decent shared-secret-based authentication options in the Web Services and Grid world. Future work will be to integrate One-Time-Password (OTP) features in the authentication protocol.
Keywords:
Reference:
Proceedings of the ACM Workshop on Secure Web Services,
Oct 29, Washington, 2004, pp ??.
Full paper: PostScript, Compressed PostScript, PDF, Compressed PDF.
Presentation: PDF.
Related papers:
M. Abdalla, O. Chevassut and D. Pointcheval, "One-time Verifier-based Encrypted Key Exchange", Proceedings of the International Workshop on Practice and Theory in Public Key Cryptography (PKC), Switzerland, Feb 23-26, 2005.
E. Bresson, O. Chevassut and D. Pointcheval, "Security Proofs for an Efficient Password-based Key Exchange", ACM Conference on Computer and Communications Security, October 27-30, Washington, DC, USA, 2003.