Practical Authenticated Key Agreement Using Passwords Sample Contracts

Practical Authenticated Key Agreement using Passwords
Practical Authenticated Key Agreement Using Passwords • September 25th, 2004

Abstract. Due to the low entropy of human-memorable passwords, it is not easy to conduct password authenticated key agreement in a secure manner. Though there are many protocols achieving this goal, they may require a large amount of computation specifically in the augmented model which was contrived to resist server compromise. Our contribution in this paper is two fold. First, we propose a new practical password authenticated key agreement protocol that is efficient and generic in the augmented model. Our scheme is considered from the practical perspective (in terms of efficiency) and is provably secure under the Diffie-Hellman intractability assumptions in the random-oracle model. Our second contribution is more realistic and generic; a conceptually simple but novel password guessing attack which can be mounted on every three-pass password- based protocol unless care is taken in both the design and implementation phases. This is due to the server’s failure to synchronize multiple si

Sample 1
AutoNDA by SimpleDocs
Practical Authenticated Key Agreement using Passwords
Practical Authenticated Key Agreement Using Passwords • June 24th, 2004

Abstract. Due to the low entropy of human-memorable passwords, it is not easy to conduct password authenticated key agreement in a se- cure manner. Though there are many protocols achieving this goal, they may require a large amount of computation specifically in the augmented model which was contrived to resist server compromise. Our contribu- tion in this paper is two fold. First, we propose a new practical pass- word authenticated key agreement protocol that is efficient and generic in the augmented model. Our scheme is considered from the practical perspective (in terms of efficiency) and is provably secure under the Diffie-Hellman intractability assumptions in the random-oracle model. Our second contribution is more realistic and generic; a conceptually simple but novel password guessing attack which can be mounted on ev- ery three-pass password-based protocol unless care is taken in both the design and implementation phases. This is due to the server’s failure to synchronize mult

Sample 1
Time is Money Join Law Insider Premium to draft better contracts faster.