Filters








2,253 Hits in 9.8 sec

Provably secure password-based authentication in TLS

Michel Abdalla, Emmanuel Bresson, Olivier Chevassut, Bodo Möller, David Pointcheval
2006 Proceedings of the 2006 ACM Symposium on Information, computer and communications security - ASIACCS '06  
As our main contribution, we describe a new password-based technique for user authentication in TLS, called Simple Open Key Exchange (SOKE).  ...  In this paper, we show how to design an efficient, provably secure password-based authenticated key exchange mechanism specifically for the TLS (Transport Layer Security) protocol.  ...  Related Work A Password-based Authenticated Key Exchange (PAKE) is a key exchange [14, 22] with one [19] or two flows [8, 9] encrypted using the password as a common symmetric key. Bellare et al  ... 
doi:10.1145/1128817.1128827 dblp:conf/ccs/AbdallaBCMP06 fatcat:wzwzu35t7rcbxh3cbhu4pnkl4a

Secure remote user access over insecure networks

Mohammad Peyravian, Clark Jeffries
2006 Computer Communications  
Remote user authentication based on passwords over untrusted networks is the conventional method of authentication in the Internet and mobile communication environment.  ...  In this paper, we present secure password-based protocols for remote user authentication, password change, and session key establishment over insecure networks.  ...  The "Hash" function can be any strong collision-resistant one-way hash function such as SHA-1.  ... 
doi:10.1016/j.comcom.2005.07.025 fatcat:ajntirgzvrc4tiebhythoprqku

Strong password-based authentication in TLS using the three-party group Diffie Hellman protocol

Michel Abdalla, Emmanuel Bresson, Olivier Chevassut, Bodo Moller, David Pointcheval
2007 International Journal of Security and Networks (IJSN)  
This paper shows that the three-party group Diffie-Hellman key exchange can help protect against these attacks.  ...  We have developed password-based ciphersuites for the Transport Layer Security (TLS) protocol that are not only provably secure but also believed to be free from patent and licensing restrictions based  ...  Milner, a Patent Attorney at Lawrence Berkeley National Laboratory, for suggesting this paper, for invaluable discussions on the patents (and licensing issues), and for providing us with the Discussions  ... 
doi:10.1504/ijsn.2007.013181 fatcat:2mkpivb66bbk5obmuwwxjrhpba

ZERO KNOWLEDGE PASSWORD AUTHENTICATION PROTOCOL

NIVEDITA DATTA
2012 International Journal of Communication Networks and Security  
Also, another version of this protocol has been proposed which makes use of public key cryptography thus adding one more level of security to the protocol and enabling mutual authentication between the  ...  This paper presents a simple protocol based on zero knowledge proof by which the user can prove to the authentication server that he has the password without having to send the password to the server as  ...  H is a collision resistant hash function used to generate the hash value of any data.  ... 
doi:10.47893/ijcns.2012.1047 fatcat:5guirvydczgzppc5gm2swuukca

Zero Knowledge Password Authentication Protocol [chapter]

Nivedita Datta
2013 Advances in Intelligent Systems and Computing  
Also, another version of this protocol has been proposed which makes use of public key cryptography thus adding one more level of security to the protocol and enabling mutual authentication between the  ...  This paper presents a simple protocol based on zero knowledge proof by which the user can prove to the authentication server that he has the password without having to send the password to the server as  ...  H is a collision resistant hash function used to generate the hash value of any data.  ... 
doi:10.1007/978-3-642-35461-8_7 fatcat:kjn3sbxk7zbl3i3xmrdkht4s6q

Mutual zero-knowledge authentication based on virtual passwords per session (MAVPS)

Younes Asimi, Abdellah Amghar, Ahmed Asimi, Yassine Sadqi
2014 2014 Second World Conference on Complex Systems (WCCS)  
cryptography primitive, one-way hash function and random nonce to provide mutual authentication.  ...  In this paper, we introduce a new strong zero knowledge authentication system based on virtual passwords (SAVP).  ...  This extension is based on a oneway hash function to hash passwords, nonce for mutual authentication and Diffie-Hellman to compute a session key.  ... 
doi:10.1109/icocs.2014.7060878 fatcat:dzkecaxhbzghnmervun3elf5si

Analysis of a Password Strengthening Technique and Its Practical Use

Bogdan Groza
2009 2009 Third International Conference on Emerging Security Information, Systems and Technologies  
This technique is used in a Norwegian ATM and a similar method is part of an authentication protocol from Anderson and Lomas which makes use of collision-full hash functions.  ...  a one-way function on the password.  ...  The same truncation is used in a protocol proposed by Lomas and Anderson where the collision-full hash functions proposed by Gong [7] are used to authenticate a key exchanged with Diffie-Hellman. , H  ... 
doi:10.1109/securware.2009.52 dblp:conf/securware/Groza09 fatcat:hmjd3mlgyncpvahha4iwahu5nq

An Enhanced Framework of Hybrid Secure ATM Banking System for Developing Countries

M. Syed Shahul Hameed, N. Kannan
2015 International Journal of Applied Engineering Research  
Password Based Authentication is the most widely using identification mechanism in un-trusted machine like ATM Banking. Behind this password, most secret in formations are available.  ...  Also, users are authenticating by sending one time password through their mobile communication or authenticating by Biometric authentication.  ...  Hash functions also called message digests and one-way encryption, are algorithms that use no key [8] .  ... 
doi:10.37622/ijaer/10.8.2015.19167-19179 fatcat:np4b2n3h3vgqtcjdabkjyyfywe

Microcontroller-based implementation of parsekey+ for limited resources embedded applications

Atilla Elçi, Behnam Rahnama, Reza Makvandi
2011 Proceedings of the 4th international conference on Security of information and networks - SIN '11  
The key file is recreated at each sign-on procedure; it provides an additional security layer beyond using the login password.  ...  The ParseKey+ file itself is also encrypted by the password of the other party in authentication service using a symmetric encryption method.  ...  Solution is strongly based on one-way hash functions.  ... 
doi:10.1145/2070425.2070473 dblp:conf/sin/ElciRM11 fatcat:bt77ph5rbvfctg3qhglu3ipa2q

Prevention of Man-In-The-Middle Attack in Diffie-Hellman Key Exchange Algorithm using Proposed Hash Function

Phyu Phyu Thwe, May Htet
2019 International Journal of Advances in Scientific Research and Engineering  
This hash function is created by using six bitwise operators and operated in a variable length of the rounds depending on message length.  ...  To overcome this problem, a new hash function is proposed to get the public key integrity during the public key sharing process of DHKE algorithm.  ...  RELATED WORKS In 2010, Nan, L. proposed key exchange scheme based on the existing hash function to enhance the security of DHKE protocol.  ... 
doi:10.31695/ijasre.2019.33560 fatcat:pzfgonhcfjb2ng75nscjkwtzme

Zero-Knowledge Proof Based Authentication Over Untrusted Networks

2020 VOLUME-8 ISSUE-10, AUGUST 2019, REGULAR ISSUE  
This paper shows an approach to ensure authentication of a device over an untrusted network whilst maintaining and safeguarding user credentials, by using the concepts of ZKP protocol.  ...  Conventional authentication schemes are susceptible to attacks such as MiTM, IP spoofing, DoS, replay and other eavesdropping based attacks, when the data is shared across an untrusted network.  ...  The key properties of a hash function includea) Variable length input, fixed length output. b) Must be resistant to collision. c) One-way function d) Deterministic.Below figures depicts few key exchange  ... 
doi:10.35940/ijitee.i6917.079920 fatcat:5nzgjrkesbaxhh3desjcctew34

A Biometric Authenticated Key Agreement Protocol for Secure Token

Eun-Jun YOON, Kee-Young YOO
2010 IEICE transactions on information and systems  
This letter proposes a robust biometric authenticated key agreement (BAKA) protocol for a secure token to provide strong security and minimize the computation cost of each participant.  ...  Compared with other related protocols, the proposed BAKA protocol not only is secure against well-known cryptographical attacks but also provides various functionality and performance requirements.  ...  cryptographic goals only using bitwise exclusive-OR (XOR) operation, exponentiations and collision-free one-way hash functions as main cryptographic operations without additional requirements such as using  ... 
doi:10.1587/transinf.e93.d.2311 fatcat:be5vyakcynfcziolfagzgtez3m

New Security Results on Encrypted Key Exchange [chapter]

Emmanuel Bresson, Olivier Chevassut, David Pointcheval
2004 Lecture Notes in Computer Science  
Schemes for encrypted key exchange are designed to provide two entities communicating over a public network, and sharing a (short) password only, with a session key to be used to achieve data integrity  ...  of the message with a hash of the password.  ...  The IEEE P1363.2 Standard working group on password-based authenticated key-exchange methods [11] has been focusing on key exchange protocols wherein clients use short passwords in place of certificates  ... 
doi:10.1007/978-3-540-24632-9_11 fatcat:5buumn46grd5tesxzl4ro5e3wq

Password authenticated key exchange protocol for multi-server mobile networks based on Chebyshev chaotic map

Chien-Lung Hsu, Tzu-Wei Lin
2013 2013 IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOM Workshops)  
This paper proposes a password authenticated key exchange protocol for multi-server mobile networks based on Chebyshev chaotic map. Properties of the proposed protocol are given below.  ...  A password authenticated key exchange protocol can be used to authenticate user's legitimacy and establish a secure communication between a user and his logon server by using his friendly memorized password  ...  In 2008, Tsai proposed a multi-server authentication protocol based on one-way hash function without verification table [10] .  ... 
doi:10.1109/percomw.2013.6529462 dblp:conf/percom/HsuL13 fatcat:z4zfmjtnbbhr3cerabmhddg3yi

Smart field artillery information system: Model development with an emphasis on collisions in single sign-on authentication

Nikola Manev, Jugoslav Achkoski, Drage Petreski, Milan Gocic, Dejan Rancic
2017 Vojnotehnički Glasnik  
Additionally,and even more importantly, the probability of collisions in hash functions during Single Sign-on authentication is presented for proving existing security shortcomings in distributed computer  ...  It is based on Service Oriented Architecture (SOA) and Command, Control, Communications, Computers, and Intelligence Information Systems (C4I), as well conducting the firing in a virtual environment.  ...  the probability that collisions can happen in hash functions during Single Sign-On (SSO) authentication with the stress of the Password Authentication Protocol (PAP).  ... 
doi:10.5937/vojtehg65-12703 fatcat:43esccdpb5bpjp43g5afvt5hsq
« Previous Showing results 1 — 15 out of 2,253 results