Blind Password Registration for Two-Server Password Authenticated Key Exchange and Secret Sharing Protocols

Kiefer, Franziskus; Manulis, Mark

doi:10.1007/978-3-319-45871-7_7

Cited by 10 publications

(22 citation statements)

References 26 publications

(42 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Finally, Keifer and Manulis (2014) explored using a two-server password authentication key exchange application by proposing an extended distributed smooth projective hash function. The authors used the Cramer-Shoup cyphertexts method to compute distributed hash values across several parties to authenticate key exchange protocols [10]. Bakhatiari and Maarof (2012) posits that RSA cryptosystems have serious weakness in its implementation.…”

Section: IImentioning

confidence: 99%

Applied Cryptography in Network Systems Security for Cyberattack Prevention

Yeboah-Ofori

Agbodza

Opoku-Boateng

et al. 2021

2021 International Conference on Cyber Security and Internet of Things (ICSIoT)

View full text Add to dashboard Cite

Application of cryptography and how various encryption algorithms methods are used to encrypt and decrypt data that traverse the network is relevant in securing information flows. Implementing cryptography in a secure network environment requires the application of secret keys, public keys, and hash functions to ensure data confidentiality, integrity, authentication, and non-repudiation. However, providing secure communications to prevent interception, interruption, modification, and fabrication on network systems has been challenging. Cyberattacks are deploying various methods and techniques to break into network systems to exploit digital signatures, VPNs, and others. Thus, it has become imperative to consider applying techniques to provide secure and trustworthy communication and computing using cryptography methods. The paper explores applied cryptography concepts in information and network systems security to prevent cyberattacks and improve secure communications. The contribution of the paper is threefold: First, we consider the various cyberattacks on the different cryptography algorithms in symmetric, asymmetric, and hashing functions. Secondly, we apply the various RSA methods on a network system environment to determine how the cyberattack could intercept, interrupt, modify, and fabricate information. Finally, we discuss the secure implementations methods and recommendations to improve security controls. Our results show that we could apply cryptography methods to identify vulnerabilities in the RSA algorithm in secure computing and communications networks.

show abstract

Section: IImentioning

confidence: 99%

Applied Cryptography in Network Systems Security for Cyberattack Prevention

Yeboah-Ofori

Agbodza

Opoku-Boateng

et al. 2021

2021 International Conference on Cyber Security and Internet of Things (ICSIoT)

View full text Add to dashboard Cite

show abstract

“…Amongst the core security properties of PASE, there is a need to guarantee that only the legitimate user, who knows the password, can outsource, search and retrieve data. Hence, basing security of searchable encryption schemes on passwords introduces the need for a distributed server environment where trust is spread across at least two non-colluding servers, as is also the case in many password-based protocols for authentication and secret sharing, e.g., [4,[12][13][14][26][27][28]30,31,40]. The use of two servers provides the most practical scenario and the minimum requirement to achieve protection against offline dictionary attacks, while a more general secret sharing architecture with t-out-of-n servers would be applicable as well.…”

Section: Password-authenticated Searchable Encryption (Pase)mentioning

confidence: 99%

Password-authenticated searchable encryption

Chen

Huang

Manulis

et al. 2020

Int. J. Inf. Secur.

Self Cite

View full text Add to dashboard Cite

We introduce Password Authenticated Searchable Encryption (PASE), a novel searchable encryption scheme where a single human-memorizable password can be used to outsource (encrypted) data with associated keywords to a group of servers and later retrieve this data through the encrypted keyword search procedure. PASE ensures that only the legitimate user who knows the initially registered password can perform these operations. In particular, PASE guarantees that no single server can mount an offline attack on the user’s password or learn any information about the encrypted keywords. The concept behind PASE protocols extends previous concepts behind searchable encryption by removing the requirement on the client to store high-entropy keys, thus making the protocol device-agnostic on the user side. In this paper, we model the functionality of PASE along with two security requirements (indistinguishability against chosen keyword attacks and authentication) and propose an efficient direct construction in a two-server setting those security we prove in the standard model under the Decisional Diffie–Hellman assumption. Our constructions support outsourcing and retrieval procedures based on multiple keywords and allow users to change their passwords without any need for the re-encryption of the outsourced data. Our theoretical efficiency comparisons and experimental performance and scalability measurements show that the proposed scheme is practical and offers high performance in relation to computations and communications on the user side. The practicality of our PASE scheme is further demonstrated through its implementation within a JavaScript-based web application that can readily be executed on any (mobile) browser and remains practical for commodity user devices such as laptops and smartphones.

show abstract

“…To improve the security of password registration, Kiefer and Manulis introduced a new family of protocols called Blind Password Registration (BPR) for Verifier-Based Password-Authenticated Key Exchange (VPAKE) [24] and twoserver PAKE [26]. They proposed Zero-Knowledge Password Policy Checks (ZKPPC) which enables blind registration.…”

Section: Introductionmentioning

confidence: 99%

Provably secure identity-based remote password registration

Bertók¹,

Huszti²,

Kovács³

et al. 2022

Publ. Math. Debrecen

View full text Add to dashboard Cite

One of the most significant challenges is the secure user authentication. If it becomes breached, confidentiality and integrity of the data or services may be compromised. The most widespread solution for entity authentication is the passwordbased scheme. It is easy to use and deploy. During password registration typically users create or activate their account along with their password through their verification email, and service providers are authenticated based on their Secure Sockets Layer / Transport Layer Security (SSL/TLS) certificate. We propose a certificate-less secure blind registration protocol (CLS-BPR) which is a password registration scheme based on identity-based cryptography, i.e., both the user and the service provider are authenticated by their short-lived identity-based secret key. For secure storage a bilinear map with a salt is applied, therefore in case of an offline attack the adversary is forced to calculate a computationally expensive bilinear map for each password candidate and salt that slows down the attack. New adversarial model with new secure password registration scheme are introduced. We show that the proposed protocol is based on the assumptions that solving the Bilinear Diffie-Hellman problem is computationally infeasible, the bilinear map is a one-way function, Mac is existentially unforgeable under an adaptive chosen-message attack, where the bilinear map is considered in the generic bilinear group model and the hash functions are supposed as random oracles.

show abstract

Blind Password Registration for Two-Server Password Authenticated Key Exchange and Secret Sharing Protocols

Cited by 10 publications

References 26 publications

Applied Cryptography in Network Systems Security for Cyberattack Prevention

Applied Cryptography in Network Systems Security for Cyberattack Prevention

Password-authenticated searchable encryption

Provably secure identity-based remote password registration

Contact Info

Product

Resources

About