1 / 27

A New Two-Server Approach for Authentication with Short Secrets

A New Two-Server Approach for Authentication with Short Secrets. John Brainard, Ari Juels,Burt Kaliski and Michael Szydlo RSA Laboratories. To appear in USENIX Security 2003/4/9. Outline. Introduction Previous Work New Work. Passwords and PINs. Short secrets are convenience .

adia
Download Presentation

A New Two-Server Approach for Authentication with Short Secrets

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A New Two-Server Approach for Authentication with Short Secrets John Brainard, Ari Juels,Burt Kaliski and Michael Szydlo RSA Laboratories To appear in USENIX Security 2003/4/9

  2. Outline • Introduction • Previous Work • New Work

  3. Passwords and PINs • Short secrets are convenience . • The secrets stored in a central database.

  4. Problem • How is it possible to provide secure services to users who can authenticate using only short secrets or weak password?

  5. Smartcards , similar key-storage • Memorable PW – guessing attack

  6. SPAKA protocols • (Secure password authenticated key agreement) • EKE:Share a password, mutual ensure to established a session key.

  7. Attack to SPAKA Client SERVER LOOK ALL ? Cleartext celartext password steal Off-line dictionary attacks

  8. Outline • Introduction • Previous Work • New Work

  9. Previous work • A mechanism called password hardening , by Ford and Kaliski. Client password Server secret …

  10. Learn no information … Decrypt credentials Authenticate Others protocols…

  11. Outline • Introduction • Previous Work • New Work

  12. Now new work • Two-server solution . p Client P’ SSL SSL SSL Server Red Server Blue P = P’ ??

  13. Outline • Introduction • Previous Work • New Work • Equality-Testing Protocol

  14. Equality-Testing Protocol • H is a large group(160-bit) and + be the group operator • f is collision-free hash function

  15. Equality-Testing Protocol • Registration:

  16. Equality-Testing Protocol • Authentication: If P = P’ 0

  17. G is large group (hard to discrete log) g : generator q : order in Zp (p=2q+1) p (1024 bits) w: H -> G

  18. Compare with SPAKA • Mutually authenticated channel between two servers. • not derive a shared key. • Client need perform no cryptographic computation, and operation in H.

  19. Outline • Introduction • Previous Work • New Work • Equality-Testing Protocol • Architectural Motivation

  20. Architectural Motivation • Security in two servers. * different OSs * different organizations (privacy outsourcing): service provider privacy provider

  21. Architectural Motivation • Universality • Pseudonymity • Engineering simplicity • System isolation • Mitigation of denial-of-service attacks

  22. Outline • Introduction • Previous Work • New Work • Equality-Testing Protocol • Architectural Motivation • Avoiding Problems

  23. Avoiding Problems • False Pseudonym Problem • Replay Attacks Problem

More Related