The Secure PasswordBased Authentication Protocol - PowerPoint PPT Presentation

1 / 13
About This Presentation
Title:

The Secure PasswordBased Authentication Protocol

Description:

The Internet. Secure Password Authentication. Remote user access ... key exchange: Password-based protocols secure against dictionary attacks. ... – PowerPoint PPT presentation

Number of Views:212
Avg rating:3.0/5.0
Slides: 14
Provided by: jeongyu
Category:

less

Transcript and Presenter's Notes

Title: The Secure PasswordBased Authentication Protocol


1
The Secure Password-Based Authentication Protocol
  • 20022127
  • Jeong Yunkyoung
  • ykjeong_at_icu.ac.kr

2
Contents
  • Introduction
  • Authentication over an untrusted network
  • Secure Password Authentication
  • Previous Work
  • EKE
  • SRP
  • PAK
  • Future Study
  • Reference

3
Introduction
  • Techniques for user authentication
  • What a user knows (passwords, PINs)
  • What a user is (voiceprint identification,
    retinal scanners)
  • What a user has (ID cards, smartcards)
  • The problem of password authentication protocol
  • One party must somehow prove to another party
    that it knows some password P.
  • telnet, Kerberos insecure

4
Authentication over an untrusted network(1)
  • We want a password authentication and
    key-exchange protocol suitable for authenticating
    users and exchanging keys over an untrusted
    network.

5
Authentication over an untrusted network(2)
6
Secure Password Authentication
  • Remote user access
  • If one of the entities is a user and the other is
    a server, then this can be seen as a problem in
    the area of remote user access.
  • Goal security without requiring the user to
    carry/remember anything except password
  • BUT, Password is weak easily memorizable
    low entropy easily guessed drawn from a
    small dictionary
  • Dictionary attack

7
Previous Work - EKE
  • Encrypted Key Exchange
  • Steven M. Bellovin, Michael Merritt
  • Notation

8
Previous Work - EKE
  • Protocol (using RSA)
  • Both parites have cleartext versions of the
    shared password.

9
Previous Work - SRP
  • Secure Remote Password Protocol
  • Thomas Wu
  • Notation

10
Previous Work - SRP
  • Protocol
  • To establish a password P with Steve, Carol picks
    a random salt s, and computes .

11
Previous Work - PAK
  • Victor Boyko, Philip MacKenzie, Sarvar patel
  • Prq1 for some value r co-prime to q.
  • g is a generator of a subgroup of of size q.
  • The resulting session key is K.

12
Future Study
  • Some effort is needed.
  • My approach
  • Network is insecure.
  • PAP for using a short password.
  • Dont have cleartext version of the shared
    password.
  • Less rounding.
  • Using Diffie-Hellman and Hash,etc.

13
Reference
  • S.M.Bellovin and M.Merritt. Encrypted key
    exchange Password-based protocols secure against
    dictionary attacks. In IEEE Security 92, pages
    72-84.
  • S.M.Bellovin and M.Merritt. Augumented encrypted
    key exchange Password-based protocols secure
    against dictionary attacks. In IEEE Security 92,
    pages 72-84.
  • T.Wu. The secure remote password protocol. In
    NDSS 98, pages 97-111
  • V.Boyko, P.MacKenzie, and S.Patel.
    Provably-secure password authentication and key
    exchange using Diffie-Hellman. In EUROCRYPT2000 ,
    PAGES 156-171.
  • P.MacKenzie and R.Swaminathan. Secure network
    authentication with password information.
    Manuscript.
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "The Secure PasswordBased Authentication Protocol" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!