
Forward Secrecy in Password-Only Key Exchange Protocols

  • Conference paper
Security in Communication Networks (SCN 2002)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2576)


Abstract

Password-only authenticated key exchange (PAKE) protocols are designed to be secure even when users choose short, easily-guessed passwords. Security requires, in particular, that the protocol cannot be broken by an off-line dictionary attack, in which an adversary enumerates all possible passwords in an attempt to determine the correct one based on previously-viewed transcripts. Recently, provably-secure protocols for PAKE were given in the idealized random oracle/ideal cipher models [2,8,19] and in the standard model based on general assumptions [11] or the DDH assumption [14].

The latter protocol (the KOY protocol) is currently the only known practical solution based on standard assumptions. However, only a proof of basic security for this protocol has appeared. In the basic setting the adversary is assumed not to corrupt clients (thereby learning their passwords) or servers (thereby modifying the value of stored passwords). Simplifying and unifying previous work, we present a natural definition of security which incorporates the more challenging requirement of forward secrecy. We then demonstrate via an explicit attack that the KOY protocol as originally presented is not secure under this definition. This provides the first natural example showing that forward secrecy is a strictly stronger requirement for PAKE protocols. Finally, we present a slight modification of the KOY protocol which prevents the attack and — as the main technical contribution of this paper — rigorously prove that the modified protocol achieves forward secrecy.


References

  1. M. Bellare, R. Canetti, and H. Krawczyk. A Modular Approach to the Design and Analysis of Authentication and Key Exchange Protocols. STOC ’98.
  2. M. Bellare, D. Pointcheval, and P. Rogaway. Authenticated Key Exchange Secure Against Dictionary Attacks. Eurocrypt ’00.
  3. M. Bellare and P. Rogaway. Entity Authentication and Key Distribution. Crypto ’93.
  4. M. Bellare and P. Rogaway. Provably-Secure Session Key Distribution: the Three Party Case. STOC ’95.
  5. S.M. Bellovin and M. Merritt. Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks. IEEE Symposium on Research in Security and Privacy, IEEE, 1992, pp. 72–84.
  6. R. Bird, I. Gopal, A. Herzberg, P. Janson, S. Kutten, R. Molva, and M. Yung. Systematic Design of Two-Party Authentication Protocols. Crypto ’91.
  7. M. Boyarsky. Public-Key Cryptography and Password Protocols: The Multi-User Case. ACM CCS ’99.
  8. V. Boyko, P. MacKenzie, and S. Patel. Provably-Secure Password-Authenticated Key Exchange Using Diffie-Hellman. Eurocrypt ’00.
  9. W. Diffie and M. Hellman. New Directions in Cryptography. IEEE Transactions on Information Theory, 22(6): 644–654 (1976).
  10. W. Diffie, P. van Oorschot, and M. Wiener. Authentication and Authenticated Key Exchanges. Designs, Codes, and Cryptography, 2(2): 107–125 (1992).
  11. O. Goldreich and Y. Lindell. Session-Key Generation Using Human Passwords Only. Crypto ’01.
  12. S. Halevi and H. Krawczyk. Public-Key Cryptography and Password Protocols. ACM Transactions on Information and System Security, 2(3): 230–268 (1999).
  13. J. Katz. Efficient Cryptographic Protocols Preventing “Man-in-the-Middle” Attacks. PhD thesis, Columbia University, 2002.
  14. J. Katz, R. Ostrovsky, and M. Yung. Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords. Eurocrypt ’01.
  15. T.M.A. Lomas, L. Gong, J.H. Saltzer, and R.M. Needham. Reducing Risks from Poorly-Chosen Keys. ACM Operating Systems Review, 23(5): 14–18 (1989).
  16. P. MacKenzie. More Efficient Password-Authenticated Key Exchange. RSA ’01.
  17. P. MacKenzie. On the Security of the SPEKE Password-Authenticated Key-Exchange Protocol. Manuscript, 2001.
  18. P. MacKenzie. Personal communication. April, 2002.
  19. P. MacKenzie, S. Patel, and R. Swaminathan. Password-Authenticated Key Exchange Based on RSA. Asiacrypt ’00.
  20. V. Shoup. On Formal Models for Secure Key Exchange. Available at http://eprint.iacr.org/1999/012.
  21. T. Wu. The Secure Remote Password Protocol. Proceedings of the Internet Society Symposium on Network and Distributed System Security, 1998, pp. 97–111.


Copyright information

© 2003 Springer-Verlag Berlin Heidelberg


Cite this paper

Katz, J., Ostrovsky, R., Yung, M. (2003). Forward Secrecy in Password-Only Key Exchange Protocols. In: Cimato, S., Persiano, G., Galdi, C. (eds) Security in Communication Networks. SCN 2002. Lecture Notes in Computer Science, vol 2576. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36413-7_3


  • DOI: https://doi.org/10.1007/3-540-36413-7_3


  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-00420-2

  • Online ISBN: 978-3-540-36413-9
