Distributed Smooth Projective Hashing and Its Application to Two-Server Password Authenticated Key Exchange

Kiefer, Franziskus; Manulis, Mark

doi:10.1007/978-3-319-07536-5_13

Cited by 14 publications

(14 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…[15], where the client password is secretly shared amongst two servers from which at most one is assumed to be compromisable. Under this security assumption 2PAKE servers fully eliminate threats from offline dictionary attacks.…”

Section: Resultsmentioning

confidence: 99%

Zero-Knowledge Password Policy Checks and Verifier-Based PAKE

Kiefer

Manulis

2014

Computer Security - ESORICS 2014

Self Cite

View full text Add to dashboard Cite

Abstract. Zero-Knowledge Password Policy Checks (ZKPPC), introduced in this work, enable blind registration of client passwords at remote servers, i.e., client passwords are never transmitted to the servers. This eliminates the need for trusting servers to securely process and store client passwords. A ZKPPC protocol, executed as part of the registration procedure, allows clients to further prove compliance of chosen passwords with respect to password policies defined by the servers. The main benefit of ZKPPC-based password registration is that it guarantees that registered passwords never appear in clear on the server side. At the end of the registration phase the server only receives and stores some verification information that can later be used for authentication in a suitable Verifier-based Password Authenticated Key Exchange (VPAKE) protocol. We give general and concrete constructions of ZKPPC protocols and suitable VPAKE protocols for ASCII-based passwords and policies that are commonly used on the web. To this end we introduce a reversible mapping of ASCII characters to integers that can be used to preserve the structure of the password string and a new randomised password hashing scheme for ASCII-based passwords.

show abstract

Section: Resultsmentioning

confidence: 99%

Zero-Knowledge Password Policy Checks and Verifier-Based PAKE

Kiefer

Manulis

2014

Computer Security - ESORICS 2014

Self Cite

View full text Add to dashboard Cite

show abstract

“…Future work may include extension of the ZKPPC concept towards TwoServer PAKE (2PAKE) protocols, e.g. [15], where the client password is secretly shared amongst two servers from which at most one is assumed to be compromisable. Under this security assumption 2PAKE servers fully eliminate threats from offline dictionary attacks.…”

Section: Resultsmentioning

confidence: 99%

Computer Security - ESORICS 2014

2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Zero-Knowledge Password Policy Checks (ZKPPC), introduced in this work, enable blind registration of client passwords at remote servers, i.e., client passwords are never transmitted to the servers. This eliminates the need for trusting servers to securely process and store client passwords. A ZKPPC protocol, executed as part of the registration procedure, allows clients to further prove compliance of chosen passwords with respect to password policies defined by the servers.The main benefit of ZKPPC-based password registration is that it guarantees that registered passwords never appear in clear on the server side. At the end of the registration phase the server only receives and stores some verification information that can later be used for authentication in a suitable Verifier-based Password Authenticated Key Exchange (VPAKE) protocol.We give general and concrete constructions of ZKPPC protocols and suitable VPAKE protocols for ASCII-based passwords and policies that are commonly used on the web. To this end we introduce a reversible mapping of ASCII characters to integers that can be used to preserve the structure of the password string and a new randomized password hashing scheme for ASCII-based passwords.

show abstract

“…π = s 0 + s 1 mod q over a prime-order group G q . Such sharing has been used in various 2PAKE protocols, including [15,23,24,25]. To be used in combination with 2PASS protocols such as [17] one can define the password as g π and thus adopts the multiplicative sharing g π = g s0 g s1 .…”

Section: Password Sharingmentioning

confidence: 99%

“…Application to existing 2PAKE/2PASS protocols Our 2BPR protocol can be used to register passwords for 2PAKE and 2PASS protocols that adopt additive password sharing in Z q or multiplicative sharing in G. This includes 2PAKE protocols from [15,25] for which no password registration procedures were addressed. Integration of 2BPR into 2PASS protocols is more involved since password registration is considered to be part of the 2PASS protocol during the secret sharing phase.…”

Section: Performance and Use With 2pake/2pass Protocolsmentioning

confidence: 99%

Blind Password Registration for Two-Server Password Authenticated Key Exchange and Secret Sharing Protocols

Kiefer¹,

Manulis

2016

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. Many organisations enforce policies on the length and formation of passwords to encourage selection of strong passwords and protect their multi-user systems. For Two-Server Password Authenticated Key Exchange (2PAKE) and Two-Server Password Authenticated Secret Sharing (2PASS) protocols, where the password chosen by the client is secretly shared between the two servers, the initial remote registration of policy-compliant passwords represents a major problem because none of the servers is supposed to know the password in clear. We solve this problem by introducing Two-Server Blind Password Registration (2BPR) protocols that can be executed between a client and the two servers as part of the remote registration procedure. 2BPR protocols guarantee that secret shares sent to the servers belong to a password that matches their combined password policy and that the plain password remains hidden from any attacker that is in control of at most one server. We propose a security model for 2BPR protocols capturing the requirements of policy compliance for client passwords and their blindness against the servers. Our model extends the adversarial setting of 2PAKE/2PASS protocols to the registration phase and hence closes the gap in the formal treatment of such protocols. We construct an efficient 2BPR protocol for ASCII-based password policies, prove its security in the standard model, give a proof of concept implementation, and discuss its performance.

show abstract

Distributed Smooth Projective Hashing and Its Application to Two-Server Password Authenticated Key Exchange

Cited by 14 publications

References 21 publications

Zero-Knowledge Password Policy Checks and Verifier-Based PAKE

Zero-Knowledge Password Policy Checks and Verifier-Based PAKE

Computer Security - ESORICS 2014

Blind Password Registration for Two-Server Password Authenticated Key Exchange and Secret Sharing Protocols

Contact Info

Product

Resources

About