2012 IEEE 21st International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises (1997)
MIT, Cambridge, MA
June 18, 1997 to June 20, 1997
ISBN: 0-8186-7967-0
pp: 0248
D.P. Jablon, Integrity Sci. Inc., USA
ABSTRACT
Strong password methods verify even small passwords over a network without additional stored keys or certificates with the user, and without fear of network dictionary attack. We describe a new extension to further limit exposure to theft of a stored password-verifier, and apply it to several protocols including the Simple Password Exponential Key Exchange (SPEKE). Alice proves knowledge of a password $C$ to Bob, who has a stored verifier $S$, where $S = g^{C} \bmod p$. They perform a SPEKE exchange based on the shared secret $S$ to derive ephemeral shared key $K_1$. Bob chooses a random $X$ and sends $g^{X} \bmod p$. Alice computes $K = g^{XC} \bmod p$, and proves knowledge of $\{K_1, K_2\}$. Bob verifies this result to confirm that Alice knows $C$. Implementation issues are summarized, showing the potential for improved performance over Bellovin and Merritt's comparably strong Augmented-Encrypted Key Exchange. These methods make the password a strong independent factor in authentication, and are suitable for both Internet and intranet use.
INDEX TERMS
Internet; extended password key exchange protocols; dictionary attack; stored password-verifier; Simple Password Exponential Key Exchange; authentication; intranet use
CITATION
D.P. Jablon, "Extended Password Key Exchange Protocols Immune to Dictionary Attacks", 2012 IEEE 21st International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises, vol. 00, no. , pp. 0248, 1997, doi:10.1109/ENABL.1997.630822
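The exchange outlined in the abstract, as an added Python example that is not code from the paper: it shows that a party holding only the stored verifier S can agree on K_1 but still fails Bob's check, because the g^(XC) value needs C. Assumptions not taken from the page: the group (Oakley Group 1 prime from RFC 2409, demo size only), the SPEKE base S^2 mod p, SHA-256 for the password mapping and the proof, Bob deriving the second key as S^X, and all function names.

```python
import hashlib, secrets

# Oakley Group 1 prime (RFC 2409), a 768-bit safe prime; demo size only.
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
        "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
        "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
        "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16)
Q, G = (P - 1) // 2, 2          # G generates the subgroup of prime order Q

def digest(*ints):
    return hashlib.sha256(b"".join(i.to_bytes(96, "big") for i in ints)).digest()

def password_exponent(password):   # C; assumed mapping: SHA-256 reduced mod Q
    return int.from_bytes(hashlib.sha256(password.encode()).digest(), "big") % Q

def make_verifier(password):       # S = g^C mod p, the value Bob stores
    return pow(G, password_exponent(password), P)

def checked(v):                    # refuse values outside 2..p-2 (small subgroups)
    if not 1 < v < P - 1:
        raise ValueError("invalid group element")
    return v

def rand_exp():
    return secrets.randbelow(Q - 2) + 2

def exchange(bob_S, client_S, client_C):
    """One protocol run. Returns (K1 agreed, Bob accepts the proof)."""
    # SPEKE on the shared secret S; the base S^2 mod p is an assumption.
    ra, rb = rand_exp(), rand_exp()
    QA = pow(pow(client_S, 2, P), ra, P)       # client -> Bob
    QB = pow(pow(bob_S, 2, P), rb, P)          # Bob -> client
    X = rand_exp()
    U = pow(G, X, P)                           # Bob -> client: g^X mod p
    # Client side: K1 from SPEKE, K2 = (g^X)^C = g^(XC) mod p
    k1_c = pow(checked(QB), ra, P)
    k2_c = pow(checked(U), client_C, P)
    proof = digest(k1_c, k2_c)                 # client -> Bob
    # Bob's side: same K1, and K2 = S^X = g^(CX) mod p without knowing C
    k1_b = pow(checked(QA), rb, P)
    k2_b = pow(bob_S, X, P)
    return k1_c == k1_b, secrets.compare_digest(proof, digest(k1_b, k2_b))

def login(password, bob_S):                    # honest Alice derives S and C
    C = password_exponent(password)
    return exchange(bob_S, pow(G, C, P), C)

def login_with_stolen_verifier(bob_S, guess):  # holder of S still has to guess C
    return exchange(bob_S, bob_S, password_exponent(guess))
```

The stolen-verifier case returns `(True, False)`: the SPEKE step alone would have been satisfied by S, and only the second key ties acceptance to the password itself.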