Password-Only Authenticated Key Exchange Using Distributed Server

International Journal of Computer Trends and Technology (IJCTT)          
 
© 2014 by IJCTT Journal
Volume-9 Number-6                          
Year of Publication : 2014
Authors : N. Narmadha, S. Rajathi
  10.14445/22312803/IJCTT-V9P158

MLA

N. Narmadha, S. Rajathi. "Password-Only Authenticated Key Exchange Using Distributed Server". International Journal of Computer Trends and Technology (IJCTT) V9(6):305-309, March 2014. ISSN:2231-2803. www.ijcttjournal.org. Published by Seventh Sense Research Group.

Abstract -
In password-authenticated key exchange using a distributed server (PAKEUDE), authentication is performed and a cryptographic key is established through an exchange of messages. The database of all passwords used to authenticate clients is stored on a distributed server. If the server is compromised, the attacker cannot impersonate a client using the information from the compromised server. Distributed-server PAKE can be realized either with two parallel peer servers that contribute equally to authentication, or with an asymmetric solution in which the client can establish a different cryptographic key with the control server.

Keywords
Distributed Server (DS), Dictionary Attack (DA), Diffie-Hellman Key Exchange, ElGamal Encryption, Password-authenticated Key Exchange Using Distributed Server (PAKEUDE).