Abstract
We propose a new model for key exchange (KE) based on a combination of different types of keys. In our setting, servers exchange keys with clients, who memorize short passwords and carry (stealable) storage cards containing long (cryptographic) keys. Our setting is a generalization of that of Halevi and Krawczyk [16] (HK), where clients have a password and the public key of the server.
We point out a subtle flaw in the protocols of HK and demonstrate a practical attack on them, resulting in a full password compromise. We give a definition of security of KE in our (and thus also in the HK) setting and discuss many related subtleties. We define and discuss protection against denial of access attacks, which is not possible in any of the previous KE models that use passwords. Finally, we give a very simple and efficient protocol satisfying all our requirements.
The full version of this paper, containing a rigorous proof of security, appears in the Eprint archive [17].
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-3-540-32732-5_32
References
Bellare, M., Canetti, R., Krawczyk, H.: A modular approach to the design and analysis of authentication and key exchange protocols (extended abstract). In: STOC 1998: Proceedings of the thirtieth annual ACM symposium on Theory of computing, New York, NY, USA, pp. 419–428. ACM Press, New York (1998)
Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)
Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994)
Bellovin, S.M., Merritt, M.: Encrypted key exchange: Password-based protocols secure against dictionary attacks. In: SP 1992: Proceedings of the 1992 IEEE Symposium on Security and Privacy, Washington, DC, USA, p. 72. IEEE Computer Society, Los Alamitos (1992)
Boyarsky, M.K.: Public-key cryptography and password protocols: the multi-user case. In: CCS 1999: Proceedings of the 6th ACM conference on Computer and communications security, New York, NY, USA, pp. 63–72. ACM Press, New York (1999)
Boyko, V., MacKenzie, P., Patel, S.: Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 156–171. Springer, Heidelberg (2000)
Canetti, R., Halevi, S., Katz, J., Lindell, Y., MacKenzie, P.D.: Universally composable password-based key exchange. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 404–421. Springer, Heidelberg (2005)
Canetti, R., Krawczyk, H.: Analysis of key-exchange protocols and their use for building secure channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453–474. Springer, Heidelberg (2001)
Canetti, R., Krawczyk, H.: Universally composable notions of key exchange and secure channels. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 337–351. Springer, Heidelberg (2002)
Clancy, T.: EAP password authenticated exchange, draft archive (2005), http://www.cs.umd.edu/~clancy/eap-pax/
Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Transactions on Information Theory IT-22(6), 644–654 (1976)
Internet Engineering Task Force. EAP password authenticated exchange (2005), http://www.ietf.org/internet-drafts/draft-clancy-eap-pax-03.txt
Goldreich, O., Lindell, Y.: Session-key generation using human passwords only. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 408–432. Springer, Heidelberg (2001)
Gong, L., Lomas, M.A., Needham, R.M., Saltzer, J.H.: Protecting poorly chosen secrets from guessing attacks. IEEE Journal on Selected Areas in Communications 11(5), 648–656 (1993)
Halevi, S., Krawczyk, H.: Public-key cryptography and password protocols. In: CCS 1998: Proceedings of the 5th ACM conference on Computer and communications security, New York, NY, USA, pp. 122–131. ACM Press, New York (1998)
Halevi, S., Krawczyk, H.: Public-key cryptography and password protocols. ACM Trans. Inf. Syst. Secur. 2(3), 230–268 (1999)
Kolesnikov, V., Rackoff, C.: Key exchange using passwords and long keys. Manuscript, available from Eprint archive, http://eprint.iacr.org
Krawczyk, H.: SKEME: a versatile secure key exchange mechanism for internet. In: SNDSS 1996: Proceedings of the 1996 Symposium on Network and Distributed System Security (SNDSS 1996), Washington, DC, USA, p. 114. IEEE Computer Society, Los Alamitos (1996)
Pinkas, B., Sander, T.: Securing passwords against dictionary attacks. In: CCS 2002: Proceedings of the 9th ACM conference on Computer and communications security, New York, NY, USA, pp. 161–170. ACM Press, New York (2002)
Shoup, V.: On formal models for secure key exchange. Technical Report RZ 3120 (#93166) (1999)
© 2006 Springer-Verlag Berlin Heidelberg
Cite this paper
Kolesnikov, V., Rackoff, C. (2006). Key Exchange Using Passwords and Long Keys. In: Halevi, S., Rabin, T. (eds) Theory of Cryptography. TCC 2006. Lecture Notes in Computer Science, vol 3876. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11681878_6
DOI: https://doi.org/10.1007/11681878_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-32731-8
Online ISBN: 978-3-540-32732-5
eBook Packages: Computer Science (R0)