Abstract
The rapid rise of federated enterprises calls for a new approach to trust management, because an enterprise may place partial trust in its affiliating organizations. At the same time, passwords have historically been a main means of user authentication because of their operational simplicity. We are thus motivated to explore the use of short passwords for user authentication and key exchange in the context of federated enterprises. Exploiting the special structure of a federated enterprise, our proposed new architecture comprises an external server managed by each affiliating organization and a central server managed by the enterprise headquarters. We are concerned with the development of an efficient password-based authentication and key exchange protocol built over the new architecture. Together, the architecture and the protocol address off-line dictionary attacks initiated at the server side, a problem rarely considered in prior efforts.
Copyright information
© 2005 International Federation for Information Processing
About this paper
Cite this paper
Yang, Y., Bao, F., Deng, R.H. (2005). A New Architecture for User Authentication and Key Exchange Using Password for Federated Enterprises. In: Sasaki, R., Qing, S., Okamoto, E., Yoshiura, H. (eds) Security and Privacy in the Age of Ubiquitous Computing. SEC 2005. IFIP Advances in Information and Communication Technology, vol 181. Springer, Boston, MA. https://doi.org/10.1007/0-387-25660-1_7
DOI: https://doi.org/10.1007/0-387-25660-1_7
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-25658-0
Online ISBN: 978-0-387-25660-3
eBook Packages: Computer Science (R0)