80 likes | 246 Views
IEEE P1363.2 - AMP. March 25, 2004. History 1/3. May 2000 [Kw00] First proposal to IEEE P1363 February 2001 [Kw01] Presented at NDSS ’01, San Diego, CA July 2001 (personal communications) Q: Two-for-one guessing (by M. Scott) A: Possible prevention is AMP+ [Kw01]. History 2/3.
E N D
IEEE P1363.2 - AMP March 25, 2004
History 1/3 • May 2000 [Kw00] • First proposal to IEEE P1363 • February 2001 [Kw01] • Presented at NDSS ’01, San Diego, CA • July 2001 (personal communications) • Q: Two-for-one guessing (by M. Scott) • A: Possible prevention is AMP+ [Kw01]
History 2/3 • October 2002 [Kw02] • First update • Slight efficiency improvement requiring a safe or secure prime • Security augmentation against two-for-one, aside from AMP+ • June 2003 [Kw03a] • Second update (the current version of AMP in the main document) • Reconsidering small orders (in validity check) due to January 2003 discussion of the meeting group • Proposal for including AMP+
History 3/3 • August 2003 [Kw03b] • Proposal for TP-AMP (PAK + AMP in the augmented model) • Classifying AMP • Many-to-many guessing attack to general three-pass protocols • November 2003 [Kw03c] • Slight modification of AMP and TP-AMP • November 2003 [ISO03] • Inclusion to ISO/IEC JTC 1/SC 27 3rd WD 11770-4 • Mechanism 3 in 11770-4
Advantages • Efficient in the augmented model • In the client side [Kw01,Kw03b] • Flexible with several variants in DL/EC groups • No Patent Restriction • As for TP-AMP (3-pass) • Efficient bilateral commitment scheme in the augmented model • While AMP (4-pass) and PAKZ (3-pass) are unilateral, respectively
Fix • The current version of AMP and AMP+ are secure against two-for-one guessing • Please update the comparison table • Fix p as a safe or secure prime for easier validity check
Discussions • Proposed techniques for AMP • Current drafted AMP (also included in [ISO03]) • TP-AMP (bilateral due to PAK + AMP) • Many-to-many guessing attack
Reference • [Kw00] Ultimate Solution to Authentication via Memorable Password, May 2000 http://grouper.ieee.org/groups/1363/passwdPK/contributions.html#amp • [Kw01] Authentication and key agreement via Memorable Password, NDSS’01, San Diego, CA, February 2001 http://www.isoc.org/isoc/conferences/ndss/01/2001/papers/kwon.pdf • [Kw02] Authentication via Memorable Passwords - Revised Submission to IEEE P1363.2, October 2002 http://grouper.ieee.org/groups/1363/private/AMP-update-021031.doc • [Kw03a] Authentication via Memorable Passwords - Revised Submission to IEEE P1363.2, June 2003 http://grouper.ieee.org/groups/1363/private/AMP-update-030614.doc • [Kw03b] Summary of AMP, August 2003 http://grouper.ieee.org/groups/1363/private/AMP-update-030614.doc • [Kw03c] Addendum to Summary of AMP, November 2003 http://grouper.ieee.org/groups/1363/passwdPK/contributions/ampsummary2.pdf • [ISO03] ISO/IEC JTC 1/SC 27 3rd WD 11770-4, Information technology – Security techniques – Key management – Part 4: Mechanisms based on weak secrets, November 2003