Filters








1,705 Hits in 7.0 sec

Password-Authenticated Key Exchange between Clients in a Cross-Realm Setting [chapter]

Shuhua Wu, Yuefei Zhu
2008 Lecture Notes in Computer Science  
In this paper, based on a variant of AuthA, we consider a quite different paradigm from the existing ones and propose a provably secure password-authenticated key exchange protocol in a cross-realm setting  ...  where two clients in different realms obtain a secret session key as well as mutual authentication, with the help of respective servers.  ...  In Section 2, we introduce the formal model of security for password-based authenticated key exchange in a cross-realm setting.  ... 
doi:10.1007/978-3-540-88140-7_9 fatcat:bbav2hz2gva3rnownxgk4q7cvy

Password-Authenticated Key Exchange between Clients with Different Passwords [chapter]

Jin Wook Byun, Ik Rae Jeong, Dong Hoon Lee, Chang-Seop Park
2002 Lecture Notes in Computer Science  
Most password-authenticated key exchange schemes in the literature provide an authenticated key exchange between a client and a server based on a pre-shared password.  ...  In this paper we propose a new framework which provides a password-authenticated key exchange between clients based only on their two different passwords without any pre-shared secret, so called Client-to-Client  ...  C2C-PAKE in a Cross-Realm Setting In this section we propose a new client to client password-authenticated key exchange(C2C-PAKE) scheme in a cross-realm setting.  ... 
doi:10.1007/3-540-36159-6_12 fatcat:sl7v4mbvnbarxahb7snsdqskri

fficient and Provably Secure Generic Construction of Client-to-Client Password-Based Key Exchange Protocol

Zhoujun Li, Hua Guo, Xiyong Zhang
2008 Electronical Notes in Theoretical Computer Science  
Client-to-client password authenticated key exchange (C2C-PAKE) protocol enables two clients who only share their passwords with their own servers to establish a shared key for their secure communications  ...  In this paper, we present an efficient generic construction for cross-realm C2C-PAKE protocols and prove its security in the Random-or-Real model due to Abdalla et al., without making use of the Random  ...  [1] first proposed a C2C-PAKE protocol in the cross-realm setting by using the key distribution centers(KDCs) in the different realms as the go-between.  ... 
doi:10.1016/j.entcs.2008.04.066 fatcat:w55luhws35bpbmxejqqrxiknve

Cross-Domain Password-Based Authenticated Key Exchange Revisited

Liqun Chen, Hoon Wei Lim, Guomin Yang
2014 ACM Transactions on Privacy and Security  
In this paper, we propose a four-party password-based authenticated key exchange (4PAKE) protocol that takes a different approach from previous work.  ...  That is, by treating any secure two-party password-based key exchange protocol and two-party asymmetric-key based key exchange protocol as black boxes, we combine them to obtain a generic and provably  ...  Client-to-Client Key Exchange The idea of extending password-based key exchange between two users from the same domain to the cross-domain setting was also studied by Byun et al.  ... 
doi:10.1145/2584681 fatcat:a6gnsscmw5gkhmn5xu3tdjanzu

Cross-domain password-based authenticated key exchange revisited

Liqun Chen, Hoon Wei Lim, Guomin Yang
2013 2013 Proceedings IEEE INFOCOM  
In this paper, we propose a four-party password-based authenticated key exchange (4PAKE) protocol that takes a different approach from previous work.  ...  That is, by treating any secure two-party password-based key exchange protocol and two-party asymmetric-key based key exchange protocol as black boxes, we combine them to obtain a generic and provably  ...  Client-to-Client Key Exchange The idea of extending password-based key exchange between two users from the same domain to the cross-domain setting was also studied by Byun et al.  ... 
doi:10.1109/infcom.2013.6566895 dblp:conf/infocom/ChenLY13 fatcat:yxhacnm7xrb5tdtxcouwlmxlim

CredEx: user-centric credential management for grid and Web services

D. Del Vecchio, M. Humphrey, J. Basney, N. Nagaratnam
2005 IEEE International Conference on Web Services (ICWS'05)  
We describe the design and implementation of CredEx by focusing on its use in bridging password-based Web Services and PKI-based Grid Services, illustrating how interoperability between these realms can  ...  With CredEx, a user can achieve single sign-on by acquiring a single (default) credential then dynamically exchanging that credential as needed for services that authenticate a different way.  ...  Kerberos cross-realm authentication is another case of single-type credential exchange.  ... 
doi:10.1109/icws.2005.43 dblp:conf/icws/VecchioHBN05 fatcat:y2nz2g4mo5fcfa4rbec7ihnnyi

Cryptanalysis of Some Client-to-Client Password-Authenticated Key Exchange Protocols

Tianjie Cao, Tao Quan, Bo Zhang
2009 Journal of Networks  
Client-to-Client Password-Authenticated Key Exchange (C2C-PAKE) protocols allow two clients establish a common session key based on their passwords.  ...  Recently, Kwon and Lee proposed four C2C-PAKE protocols in the three-party setting, and Zhu et al. proposed a C2C-PAKE protocol in the cross-realm setting.  ...  In the cross-realm setting, one malicious server should not mount an off-line dictionary attack to obtain the password of a client who belongs to the other realm.  ... 
doi:10.4304/jnw.4.4.263-270 fatcat:hhxrooazmngevdssdgysb6tdti

An Authentication Protocol Based on Kerberos 5

Eman El-Emam, Magdy Koutb, Hamdy M. Kelash, Osama S. Faragallah
2011 International Journal of Network Security  
Instead, the Kerberos Distribution Center saves a profile for every instance in its realm to generate the principle's secret-key by hashing the profile, and encrypting the output digest.  ...  We introduce some modifications to the widely deployed Kerberos authentication protocol.  ...  Exchange between the client and the Kerberos TGS (Ticket Granting Server) in Messages 3 and 4 are used whenever a user authenticates to a new server.  ... 
dblp:journals/ijnsec/El-EmamKKF11 fatcat:6rkvvpacsbah7af22zskr46yaa

Specifying Kerberos 5 cross-realm authentication

I. Cervesato, A. D. Jaggard, A. Scedrov, C. Walstad
2005 Proceedings of the 2005 workshop on Issues in the theory of security - WITS '05  
We also adapt the Dolev-Yao intruder model to the cross-realm setting and prove an important property for a critical field in a cross-realm ticket.  ...  We present a formalization of Kerberos 5 cross-realm authentication in MSR, a specification language based on multiset rewriting.  ...  Intra-Realm Message Exchanges In this section, we focus on the messages exchanged during a typical intra-realm authentication session between a client C and a server S, as sketched in the boxed part of  ... 
doi:10.1145/1045405.1045408 dblp:conf/popl/CervesatoJSW05 fatcat:bmthrqp36vcgxcbdwdd3xhygkq

A Provably Password Authenticated Key Exchange Scheme Based on Chaotic Maps in Different Realm

Hongfeng Zhu, Yifeng Zhang, Yan Zhang
2016 International Journal of Network Security  
So, in our paper, we firstly propose a provable secure twoparty in two-realm key agreement protocol using chaotic maps in the standard model.  ...  Until now, the overwhelming majority of passwordauthenticated key agreement protocols using chaotic maps are based on three architectures (client/server, two clients/server and multi-server) and four security  ...  Byun et al. first pro-posed a Client-to-Client Password-Authenticated Key Exchange (C2C-PAKE) in the cross-realm setting where two clients are in two different realms and hence two servers involved [2  ... 
dblp:journals/ijnsec/ZhuZZ16 fatcat:6xgxg4mcvneqtkadqtvfwyfzay

Formal analysis of Kerberos 5

Frederick Butler, Iliano Cervesato, Aaron D. Jaggard, Andre Scedrov, Christopher Walstad
2006 Theoretical Computer Science  
Our work also detected a number of innocuous but nonetheless unexpected behaviors, and it clearly described how vulnerable the cross-realm authentication support of Kerberos is to the compromise of remote  ...  Because it targeted a deployed protocol rather than an academic abstraction, this multiyear effort led to the development of new analysis methods in order to manage the inherent complexity.  ...  Core authentication exchange In this section, we focus on the messages exchanged during a typical intra-realm authentication session between a client C and a server S, as sketched in the boxed part of  ... 
doi:10.1016/j.tcs.2006.08.040 fatcat:54a5ownlvjg7hcc25npnp6nhpi

Universally Composable Client-to-Client General Authenticated Key Exchange

Haruki Ota, Kazuki Yoneyama, Shinsaku Kiyomoto, Toshiaki Tanaka, Kazuo Ohta
2007 IPSJ Digital Courier  
In C2C-HAKE, a server shares passwords only with clients in the same realm respectively, public/private keys are used between respective servers, and two clients between different realms share a final  ...  In this paper, we define a new ideal client-to-client general authenticated key exchange functionality, where arbitrary 2-party key exchange protocols are applicable to protocols between the client and  ...  C2C-HAKE is the first client-to-client hybrid authenticated key exchange protocol that is secure in the UC framework with a security-preserving composition property.  ... 
doi:10.2197/ipsjdc.3.555 fatcat:6jrvsdkox5cpnj4rcrzdsudte4

EAP-Kerberos: A Low Latency EAP Authentication Method for Faster Handoffs in Wireless Access Networks

Saber ZRELLI, Nobuo OKABE, Yoichi SHINODA
2012 IEICE transactions on information and systems  
In this paper, we focus on wireless network technologies that rely on the Extensible Authentication Protocol for mutual authentication between the station and the access network.  ...  The wireless medium is a key technology for enabling ubiquitous and continuous network connectivity.  ...  The procedure for obtaining a TGT for a visited Kerberos realm, known as cross-realm authentication, is specified in [5] .  ... 
doi:10.1587/transinf.e95.d.490 fatcat:btxlai3gmvg6takxe7limu5zey

Extensible Pre-authentication Kerberos

Phillip L. Hellewell, Kent E. Seamons
2007 Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007)  
Cross-Realm Authentication Kerberos currently provides a mechanism for cross-realm authentication that enables an authenticated user in one realm to obtain services in another realm, but cross-realm authentication  ...  In this setup, each PAS has its own shared key with the AS, similar to cross-realm authentication. Each party controlling a PAS is known as a PAS realm (see Figure 3 .2).  ...  (A random session key between client --and AS, generated by pre-authentication server). key[0] EncryptionKey, --Main data including principal names, etc. epakdata [1] EPAKData } --The EPAK Authenticator  ... 
doi:10.1109/acsac.2007.33 dblp:conf/acsac/HellewellS07 fatcat:gf5fkry6pbblpdblwgo6w73ukm

PrivaKERB: A user privacy framework for Kerberos

F. Pereniguez, R. Marin-Lopez, G. Kambourakis, S. Gritzalis, A.F. Gomez
2011 Computers & security  
We detail how these modes operate in preserving user privacy in both single-realm and cross-realm scenarios.  ...  It is envisaged that its impact will increase as it comprises a reliable and scalable solution to support authentication and secure service acquisition in the Next Generation Networks (NGN) era.  ...  This work is partially supported by a Seneca Foundation Human Resources Researching Training Program 2009 and Funding Program for Research Groups of Excellence (04552/GERM/06), and the Spanish Ministry  ... 
doi:10.1016/j.cose.2011.04.001 fatcat:ynh6bnrycbbspb3uumidzxdese
« Previous Showing results 1 — 15 out of 1,705 results