Security Proof for Password Authentication in TLS-Verifier-based Three-Party Group Diffie-Hellman Page: 1 of 8
This report is part of the collection entitled: Office of Scientific & Technical Information Technical Reports and was provided to Digital Library by the UNT Libraries Government Documents Department.
Security Proof for Password Authentication in TLS-Verifier-based Three-Party Group Diffie-Hellman
Olivier Chevassut¹, Joseph R. Milner², and David Pointcheval³
¹ Computational Research Division, Lawrence Berkeley National Laboratory, USA
² Technology Transfer and Intellectual Property Management Department, Lawrence Berkeley National Laboratory
³ Computer Science Department, École normale supérieure, France
Abstract. The internet has grown greatly in the past decade, by some numbers exceeding 47 million
active web sites and a total aggregate exceeding 100 million web sites. What is common practice
today on the Internet is that servers have public keys, but clients are largely authenticated via short
passwords. Protecting these passwords by not storing them in the clear on institutions' servers has
become a priority. This paper develops password-based ciphersuites for the Transport Layer Security
(TLS) protocol that are: (1) resistant to server compromise; (2) provably secure; (3) believed to be free
from patent and licensing restrictions, based on an analysis of relevant patents in the area.
Keywords: Encrypted Key Exchange, Group Diffie-Hellman Key Exchange, TLS.
The internet has grown greatly in the past decade, by some numbers exceeding 47 million active
web sites and a total aggregate exceeding 100 million web sites. Internet transactions encompass
all forms of commercial transactions, often ones where sensitive information such as credit card numbers, social
security numbers, and bank account numbers is necessary to complete a set of transactions. Ultimately, businesses
and banks become hacking targets because of the confidential data they hold about their customers. Such data is
tempting to steal as a jumping-off point for identity theft or direct credit card usage. A much easier
target than literally robbing a bank is to attack the internet transactions of a bank, which may be
done by a variety of technical means. Thus, it becomes increasingly important that passwords never
be directly transmitted to a financial institution, as they may be compromised during transit.
What is common in practice today is that servers have public keys, but end-users (clients) are
largely authenticated based on their human-memorizable passwords. One reason for this is that
security infrastructures aim to maintain and respect the existing local security architectures of their users,
and these are largely password-based. Another is that users find passwords easier to use. Indeed,
even if a user has a public key, its matching secret key is stored on a server and the user accesses
it via a password. For all these reasons, a central problem is how a client can establish a secure
channel between itself and a server based on a password. As is standard, the central element here is
to execute an authenticated exchange of a session key¹. This is a well-studied problem, notably
since the seminal EKE work (which stands for Encrypted Key Exchange) [BM92,BPR00,BMP00];
however, what differentiates the present paper from previous work is that we want to mitigate
the damage done by system compromise, by making the server store only a transformation of the
password [BM93,ACP05,GMR06].
Previous works have assumed servers or other parties to be honest, but we know that system
compromise is a reality which can put secret-holding servers in the hands of adversaries. System
compromise is a reality that should not be ruled out. It is unrealistic to expect full security
in the presence of this threat: if a hacker breaks into a server that stores client passwords, the
¹ The secure channel is then implemented via symmetric encryption and authentication under the session key.
Chevassut, Olivier; Milner, Joseph & Pointcheval, David. Security Proof for Password Authentication in TLS-Verifier-based Three-Party Group Diffie-Hellman, report, April 21, 2008; Berkeley, California. (https://digital.library.unt.edu/ark:/67531/metadc900163/m1/1/: accessed March 21, 2019), University of North Texas Libraries, Digital Library, https://digital.library.unt.edu; crediting UNT Libraries Government Documents Department.