Strong password-based authentication in TLS using the three-party group Diffie Hellman protocol

Secure protocols for password-based user authentication are well-studied in the cryptographic literature but have failed to see wide-spread adoption on the internet; most proposals to date require extensive modifications to the Transport Layer Security (TLS) protocol, making deployment challenging. Recently, a few modular designs have been proposed in which a cryptographically secure password-based mutual authentication protocol is run inside a confidential (but not necessarily authenticated) channel such as TLS; the password protocol is bound to the established channel to prevent active attacks. Such protocols are useful in practice for a variety of reasons: security no longer relies on users' ability to validate server certificates and can potentially be implemented with no modifications to the secure channel protocol library. We provide a systematic study of such authentication protocols. Building on recent advances in modeling TLS, we give a formal definition of the intended security goal, which we call password-authenticated and confidential channel establishment (PACCE). We show generically that combining a secure Queensland University of Technology, Brisbane, Australia channel protocol, such as TLS, with a password authentication or password-authenticated key exchange protocol, where the two protocols are bound together using the transcript of the secure channel's handshake, the server's certificate, or the server's domain name, results in a secure PACCE protocol. Our prototypes based on TLS are available as a cross-platform client-side Firefox browser extension as well as an Android application and a server-side web application that can easily be installed on servers.

show abstract

“…It has also been noted that the myriad patents related to PAKE have had a negative impact on adoption [2].…”

Section: Discussionmentioning

confidence: 99%

Secure modular password authentication for the web using channel bindings

Manulis

Stebila

Kiefer³

et al. 2016

Int. J. Inf. Secur.

View full text Add to dashboard Cite

show abstract

“…we use the inverse of encoding (3) : 1) : Z q → G and I F (3,1) follows the specification from [29,Lemma 12] with prime |q | = (λ) > 2|N | to meet IHME requirements.…”

Section: Fig 2: Oblivious Spake (O-spake)mentioning

confidence: 99%

“…There exist further PAKE flavours, including three-party protocols [3,7] and group protocols [1,9]. Furthermore, threshold-based PAKE protocols, e.g.…”

Section: Introductionmentioning

confidence: 99%

Oblivious PAKE: Efficient Handling of Password Trials

Kiefer

Manulis

2015

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. In this work we introduce the notion of Oblivious Password based Authenticated Key Exchange (O-PAKE) and a compiler to transform a large class of PAKE into O-PAKE protocols. O-PAKE allows a client that shares one password with a server to use a subset of passwords within one PAKE session. It succeeds if and only if one of those input passwords matches the one stored on the server side. The term oblivious is used to emphasise that no information about any password, input by the client, is made available to the server. O-PAKE protocols can be used to improve the overall efficiency of login attempts using PAKE protocols in scenarios where users are not sure (e.g. no longer remember) which of their passwords has been used at a particular web server. Using special processing techniques, our O-PAKE compiler reaches nearly constant run time on the server side, independent of the size of the client's password set; in contrast, a naive approach to run a new PAKE session for each login attempt would require linear run time for both parties. We prove security of the O-PAKE compiler under standard assumptions using the latest game-based PAKE model by Abdalla, Fouque and Pointcheval (PKC 2005), tailored to our needs. We identify the requirements that PAKE protocols must satisfy in order to suit the compiler and give two concrete O-PAKE instantiation.

show abstract

“…In this paper [6], the user does not have any identity for authentication. Here each user has their address and pseudonyms.…”

Section: Authenticate the User Without Identitiesmentioning

confidence: 99%

“…A strong password-based authentication used in TLS [6]. It uses the Third-party group Diffie-Hellman protocol.…”

Section: G Password-based Authentication In Tlsmentioning

confidence: 99%

A Survey on Password Stealing Attacks and Its Protecting Mechanism

Venkadesh¹,

Palanivel²

2015

IJETT

View full text Add to dashboard Cite

Abstract-People enjoy the convenience of on-line services, however on-line environments might bring several risks. In the on-line communication, the password has a crucial role to secure user personal details. These passwords are taken to be secure and it should be retain in person. The third person might take a password without knowledge of original user and they might do any dishonest activities on the victim's account. The passwords are taken by using anyone of the attack mechanism like Phishing attack, password Stealing Program Attack and etc… The user may use personal details in on-line setting. These personal details should be secured. There are many types of mechanisms available to secure the password and user's information. This paper makes a survey concerning such forms of protection mechanisms and brings awareness to the people.

show abstract

Strong password-based authentication in TLS using the three-party group Diffie Hellman protocol

Cited by 24 publications

References 33 publications

Secure modular password authentication for the web using channel bindings

Secure modular password authentication for the web using channel bindings

Oblivious PAKE: Efficient Handling of Password Trials

A Survey on Password Stealing Attacks and Its Protecting Mechanism

Contact Info

Product

Resources

About