The Secure Password-Based Authentication Protocol

Provided by: jeongyu
1
The Secure Password-Based Authentication Protocol
  • 20022127
  • Jeong Yunkyoung
  • ykjeong_at_icu.ac.kr

2
Contents
  • Introduction
  • Authentication over an untrusted network
  • Secure Password Authentication
  • Previous Work
  • EKE
  • SRP
  • PAK
  • Future Study
  • Reference

3
Introduction
  • Techniques for user authentication
  • What a user knows (passwords, PINs)
  • What a user is (voiceprint identification,
    retinal scanners)
  • What a user has (ID cards, smartcards)
  • The problem of password authentication protocol
  • One party must somehow prove to another party
    that it knows some password P.
  • telnet, Kerberos insecure

4
Authentication over an untrusted network(1)
  • We want a password authentication and
    key-exchange protocol suitable for authenticating
    users and exchanging keys over an untrusted
    network.

5
Authentication over an untrusted network(2)

6
Secure Password Authentication
  • Remote user access
  • If one of the entities is a user and the other is
    a server, then this can be seen as a problem in
    the area of remote user access.
  • Goal: security without requiring the user to
    carry/remember anything except password
  • BUT, password is weak: easily memorizable,
    low entropy, easily guessed, drawn from a
    small dictionary
  • Dictionary attack

7
Previous Work - EKE
  • Encrypted Key Exchange
  • Steven M. Bellovin, Michael Merritt
  • Notation

8
Previous Work - EKE
  • Protocol (using RSA)
  • Both parties have cleartext versions of the
    shared password.

9
Previous Work - SRP
  • Secure Remote Password Protocol
  • Thomas Wu
  • Notation

10
Previous Work - SRP
  • Protocol
  • To establish a password P with Steve, Carol picks
    a random salt s, and computes .

11
Previous Work - PAK
  • Victor Boyko, Philip MacKenzie, Sarvar Patel
  • p = rq + 1 for some value r co-prime to q.
  • g is a generator of a subgroup of of size q.
  • The resulting session key is K.

12
Future Study
  • Some effort is needed.
  • My approach
  • Network is insecure.
  • PAP for using a short password.
  • Don't have cleartext version of the shared
    password.
  • Less rounding.
  • Using Diffie-Hellman and Hash, etc.

13
Reference
  • S. M. Bellovin and M. Merritt. Encrypted key
    exchange: Password-based protocols secure against
    dictionary attacks. In IEEE Security 92, pages
    72-84.
  • S. M. Bellovin and M. Merritt. Augmented encrypted
    key exchange: Password-based protocols secure
    against dictionary attacks. In IEEE Security 92,
    pages 72-84.
  • T. Wu. The secure remote password protocol. In
    NDSS 98, pages 97-111.
  • V. Boyko, P. MacKenzie, and S. Patel.
    Provably-secure password authentication and key
    exchange using Diffie-Hellman. In EUROCRYPT 2000,
    pages 156-171.
  • P. MacKenzie and R. Swaminathan. Secure network
    authentication with password information.
    Manuscript.