A New Two-Server Approach for Authentication with Short Secrets John Brainard, Ari Juels, Burt Kaliski and Michael Szydlo RSA Laboratories To appear in.

Presentation transcript:

A New Two-Server Approach for Authentication with Short Secrets John Brainard, Ari Juels, Burt Kaliski and Michael Szydlo RSA Laboratories To appear in USENIX Security 2003/4/9

Outline: Introduction; Previous Work; New Work

Passwords and PINs: Short secrets are convenient. The secrets are stored in a central database.

Problem: How is it possible to provide secure services to users who can authenticate using only short secrets or weak passwords?

Smartcards, similar key-storage. Memorable PW – guessing attack.

SPAKA protocols (secure password authenticated key agreement). EKE: Share a password, mutually ensure that a session key is established.

Attack on SPAKA [diagram: Client, Server; labels: password, cleartext, steal, off-line dictionary attacks, "look all?"]

Outline: Introduction; Previous Work; New Work

Previous work: A mechanism called password hardening, by Ford and Kaliski. [diagram: Client (password) … Server (secret)]

… Learn no information. Decrypt credentials. Authenticate. Other protocols …

Outline: Introduction; Previous Work; New Work

Now new work: Two-server solution. [diagram: Client, SSL links to Server Red and Server Blue; labels: P, P′; test P = P′ ?]

Outline: Introduction; Previous Work; New Work (Equality-Testing Protocol)

Equality-Testing Protocol: H is a large group (160-bit), and + is the group operator. f is a collision-free hash function.

Equality-Testing Protocol. Registration:

Equality-Testing Protocol. Authentication: If P = P′ 0

G is a large group (discrete log is hard). g: generator. q: order in Zp (p = 2q + 1). p (1024 bits). w: H -> G
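
An added example, not from the slides or the paper's authors, of how a password check can be split across Server Red and Server Blue using the slide's H, + and f. The registration and authentication formulas are missing from this transcript, so the additive blinding, the SHA-256-based `f`, the `Server` class and all function names are assumptions; the final comparison is done in the clear where the servers would run the equality test.

```python
import hashlib
import secrets

ORDER = 2 ** 160  # assumption: H modelled as integers mod 2^160 under +

def f(password):
    """Stand-in for the slide's hash f: SHA-256 truncated to 160 bits."""
    return int.from_bytes(hashlib.sha256(password.encode()).digest()[:20], "big")

def split(password):
    """Client: blind f(P) with a fresh random R; returns (blue_share, red_share)."""
    r = secrets.randbelow(ORDER)
    return (f(password) + r) % ORDER, r

class Server:
    """Holds one share per user; never sees the password or the other share."""
    def __init__(self):
        self.db = {}

    def register(self, user, share):
        self.db[user] = share

    def difference(self, user, login_share):
        return (self.db[user] - login_share) % ORDER

def login(blue, red, user, attempt):
    q_blue, q_red = split(attempt)          # fresh blinding on every login
    d_blue = blue.difference(user, q_blue)  # (f(P) - f(P')) + (R - R')
    d_red = red.difference(user, q_red)     # R - R'
    # Simplification: compared in the clear here; the servers would instead
    # run an equality test that does not reveal d_blue or d_red to each other.
    return d_blue == d_red

def consistent_red_share(blue_share, guess):
    """Given only Blue's stored share, the R that would make `guess` correct."""
    return (blue_share - f(guess)) % ORDER

def demo():
    blue, red = Server(), Server()
    b, r = split("1234")  # constructed sample PIN
    blue.register("alice", b)
    red.register("alice", r)
    # Every 4-digit PIN has a valid R, so Blue's database alone rules out nothing.
    plausible = sum((f(f"{i:04d}") + consistent_red_share(b, f"{i:04d}")) % ORDER == b
                    for i in range(10000))
    return login(blue, red, "alice", "1234"), login(blue, red, "alice", "4321"), plausible

if __name__ == "__main__":
    print(demo())
```

Blue's stored share is a one-time-pad blinding of f(P), which is why a copy of a single server's database gives no basis for an off-line dictionary attack.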

Compare with SPAKA: Mutually authenticated channel between the two servers. Does not derive a shared key. The client need perform no cryptographic computation, and operation in H.

Outline: Introduction; Previous Work; New Work (Equality-Testing Protocol; Architectural Motivation)

Architectural Motivation: Security in two servers: different OSs; different organizations (privacy outsourcing): service provider, privacy provider.

Architectural Motivation: Universality; Pseudonymity; Engineering simplicity; System isolation; Mitigation of denial-of-service attacks

Outline: Introduction; Previous Work; New Work (Equality-Testing Protocol; Architectural Motivation; Avoiding Problems)

Avoiding Problems: False Pseudonym Problem; Replay Attacks Problem