Presentation is loading. Please wait.

Presentation is loading. Please wait.

A New Two-Server Approach for Authentication with Short Secrets John Brainard, Ari Juels,Burt Kaliski and Michael Szydlo RSA Laboratories To appear in.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "A New Two-Server Approach for Authentication with Short Secrets John Brainard, Ari Juels,Burt Kaliski and Michael Szydlo RSA Laboratories To appear in."— Presentation transcript:

1 A New Two-Server Approach for Authentication with Short Secrets John Brainard, Ari Juels,Burt Kaliski and Michael Szydlo RSA Laboratories To appear in USENIX Security 2003/4/9

2 Outline Introduction Introduction Previous Work Previous Work New Work New Work

3 Passwords and PINs Short secrets are convenience. Short secrets are convenience. The secrets stored in a central The secrets stored in a central database. database.

4 Problem How is it possible to provide secure services to users who can authenticate using only short secrets or weak password? How is it possible to provide secure services to users who can authenticate using only short secrets or weak password?

5 Smartcards, similar key-storage Smartcards, similar key-storage Memorable PW – guessing attack Memorable PW – guessing attack

6 SPAKA protocols (Secure password authenticated key agreement) (Secure password authenticated key agreement) EKE:Share a password, mutual ensure to established a session key. EKE:Share a password, mutual ensure to established a session key.

7

8 Attack to SPAKA Client SERVER password celartext steal Off-line dictionary attacks Cleartext LOOK ALL ?

9 Outline Introduction Introduction Previous Work Previous Work New Work New Work

10 Previous work A mechanism called password hardening, by Ford and Kaliski. A mechanism called password hardening, by Ford and Kaliski. Client password … Server secret

11 … Learn no information Decrypt credentials Authenticate Others protocols …

12 Outline Introduction Introduction Previous Work Previous Work New Work New Work

13 Now new work Two-server solution. Two-server solution. Server Red SSL Server Blue p P ’ P = P ’ ?? Client SSL

14 Outline Introduction Introduction Previous Work Previous Work New Work New Work Equality-Testing Protocol Equality-Testing Protocol

15 Equality-Testing Protocol H is a large group(160-bit) H is a large group(160-bit) and + be the group operator and + be the group operator f is collision-free hash function f is collision-free hash function

16 Equality-Testing Protocol Registration: Registration:

17 Equality-Testing Protocol Authentication: Authentication: If P = P ’ 0

18 G is large group (hard to discrete log) G is large group (hard to discrete log) g : generator g : generator q : order in Zp (p=2q+1) q : order in Zp (p=2q+1) p (1024 bits) p (1024 bits) w: H -> G w: H -> G

19

20

21

22 Compare with SPAKA Mutually authenticated channel between Mutually authenticated channel between two servers. two servers. not derive a shared key. not derive a shared key. Client need perform no cryptographic computation, and operation in H. Client need perform no cryptographic computation, and operation in H.

23 Outline Introduction Introduction Previous Work Previous Work New Work New Work Equality-Testing Protocol Equality-Testing Protocol Architectural Motivation Architectural Motivation

24 Architectural Motivation Security in two servers. Security in two servers. * different OSs * different OSs * different organizations * different organizations (privacy outsourcing): (privacy outsourcing): service provider service provider privacy provider privacy provider

25 Architectural Motivation Universality Universality Pseudonymity Pseudonymity Engineering simplicity Engineering simplicity System isolation System isolation Mitigation of denial-of-service attacks Mitigation of denial-of-service attacks

26 Outline Introduction Introduction Previous Work Previous Work New Work New Work Equality-Testing Protocol Equality-Testing Protocol Architectural Motivation Architectural Motivation Avoiding Problems Avoiding Problems

27 Avoiding Problems False Pseudonym Problem False Pseudonym Problem Replay Attacks Problem Replay Attacks Problem

Download ppt "A New Two-Server Approach for Authentication with Short Secrets John Brainard, Ari Juels,Burt Kaliski and Michael Szydlo RSA Laboratories To appear in."

Similar presentations

Client Puzzles A Cryptographic Defense Against Connection Depletion Attacks Ari Juels and John Brainard RSA Laboratories.

Client Puzzles A Cryptographic Defense Against Connection Depletion Attacks Ari Juels and John Brainard RSA Laboratories.
Technical Presentation AIAC 2010-2011 Group 11. System Rationale System Architecture Secure Channel Establishment Username/Password Cartão Cidadão Digital.

Technical Presentation AIAC Group 11. System Rationale System Architecture Secure Channel Establishment Username/Password Cartão Cidadão Digital.
Client Puzzles A Cryptographic Defense Against Connection Depletion Attacks Most of slides come from Ari Juels and John Brainard RSA Laboratories.

Client Puzzles A Cryptographic Defense Against Connection Depletion Attacks Most of slides come from Ari Juels and John Brainard RSA Laboratories.
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Akshat Sharma Samarth Shah

Akshat Sharma Samarth Shah
1 東南技術學院九十二學年度第二學期 資工系第一次論文發表會 Analysis of an Improved Version of S/KEY One-Time Password Authentication Scheme Speaker: Maw-Jinn Tsaur 2004.05.12.

1 東南技術學院九十二學年度第二學期 資工系第一次論文發表會 Analysis of an Improved Version of S/KEY One-Time Password Authentication Scheme Speaker: Maw-Jinn Tsaur
CSC 774 Advanced Network Security

CSC 774 Advanced Network Security
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
CSC 774 Advanced Network Security

CSC 774 Advanced Network Security
CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.

1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.
1 Secure Credit Card Transactions on an Untrusted Channel Source: Information Sciences in review Presenter: Tsuei-Hung Sun ( 孫翠鴻 ) Date: 2010/9/24.

1 Secure Credit Card Transactions on an Untrusted Channel Source: Information Sciences in review Presenter: Tsuei-Hung Sun ( 孫翠鴻 ) Date: 2010/9/24.
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
Implementation of a Two-way Authentication Protocol Using Shared Key with Hash CS265 Sec. 2 David Wang.

Implementation of a Two-way Authentication Protocol Using Shared Key with Hash CS265 Sec. 2 David Wang.
A PASS Scheme in Clouding Computing - Protecting Data Privacy by Authentication and Secret Sharing Jyh-haw Yeh Dept. of Computer Science Boise State University.

A PASS Scheme in Clouding Computing - Protecting Data Privacy by Authentication and Secret Sharing Jyh-haw Yeh Dept. of Computer Science Boise State University.
A Secure Remote User Authentication Scheme with Smart Cards Manoj Kumar 報告者 : 許睿中 日期 :11.23 1.

A Secure Remote User Authentication Scheme with Smart Cards Manoj Kumar 報告者 : 許睿中 日期 :
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.

CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
PREVENTING CRYPTOGRAPHIC KEY LEAKAGE IN CLOUD VIRTUAL MACHINES STUDENT: FATEMAH ALHARBI PROFESSOR: NAEL ABU-GHAZALEH EE260 SEMINAR IN ELECTRICAL ENGINEERING.

PREVENTING CRYPTOGRAPHIC KEY LEAKAGE IN CLOUD VIRTUAL MACHINES STUDENT: FATEMAH ALHARBI PROFESSOR: NAEL ABU-GHAZALEH EE260 SEMINAR IN ELECTRICAL ENGINEERING.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

Similar presentations

Ads by Google