11 Matching Results

Search Results

Advanced search parameters have been applied.

Provably-Secure Authenticated Group Diffie-Hellman KeyExchange

Description: Authenticated key exchange protocols allow two participantsA and B, communicating over a public network and each holding anauthentication means, to exchange a shared secret value. Methods designedto deal with this cryptographic problem ensure A (resp. B) that no otherparticipants aside from B (resp. A) can learn any information about theagreed value, and often also ensure A and B that their respective partnerhas actually computed this value. A natural extension to thiscryptographic method is to consider a pool of participants exchanging ashared secret value and to provide a formal treatment for it. Startingfrom the famous 2-party Diffie-Hellman (DH) key exchange protocol, andfrom its authenticated variants, security experts have extended it to themulti-party setting for over a decade and completed a formal analysis inthe framework of modern cryptography in the past few years. The presentpaper synthesizes this body of work on the provably-secure authenticatedgroup DH key exchange.
Date: January 1, 2007
Creator: Bresson, Emmanuel; Chevassut, Olivier & Pointcheval, David
Partner: UNT Libraries Government Documents Department

Security Proof for Password Authentication in TLS-Verifier-based Three-Party Group Diffie-Hellman

Description: The internet has grown greatly in the past decade, by some numbers exceeding 47 million active web sites and a total aggregate exceeding100 million web sites. What is common practice today on the Internet is that servers have public keys, but clients are largely authenticated via short passwords. Protecting these passwords by not storing them in the clear on institutions's servers has become a priority. This paper develops password-based ciphersuites for the Transport Layer Security (TLS) protocol that are: (1) resistant to server compromise; (2) provably secure; (3) believed to be free from patent and licensing restrictions based on an analysis of relevant patents in the area.
Date: April 21, 2008
Creator: Chevassut, Olivier; Milner, Joseph & Pointcheval, David
Partner: UNT Libraries Government Documents Department

Dynamic Group Diffie-Hellman Key Exchange under standard assumptions

Description: Authenticated Diffie-Hellman key exchange allows two principals communicating over a public network, and each holding public-private keys, to agree on a shared secret value. In this paper we study the natural extension of this cryptographic problem to a group of principals. We begin from existing formal security models and refine them to incorporate major missing details (e.g., strong-corruption and concurrent sessions). Within this model we define the execution of a protocol for authenticated dynamic group Diffie-Hellman and show that it is provably secure under the decisional Diffie-Hellman assumption. Our security result holds in the standard model and thus provides better security guarantees than previously published results in the random oracle model.
Date: February 14, 2002
Creator: Bresson, Emmanuel; Chevassut, Olivier & Pointcheval, David
Partner: UNT Libraries Government Documents Department

Provably authenticated group Diffie-Hellman key exchange - The dynamic case (Extended abstract)

Description: Dynamic group Diffie-Hellman protocols for Authenticated Key Exchange(AKE) are designed to work in scenario in which the group membership is not known in advance but where parties may join and may also leave the multicast group at any given time. While several schemes have been proposed to deal with this scenario no formal treatment for this cryptographic problem has ever been suggested. In this paper, we define a security model for this problem and use it to precisely define Authenticated Key Exchange (AKE) with ''implicit'' authentication as the fundamental goal, and the entity-authentication goal as well. We then define in this model the execution of a protocol modified from a dynamic group Diffie-Hellman scheme offered in the literature and prove its security.
Date: September 20, 2001
Creator: Bresson, Emmanuel; Chevassut, Olivier & Pointcheval, David
Partner: UNT Libraries Government Documents Department

New Security Results on Encrypted Key Exchange

Description: Schemes for encrypted key exchange are designed to provide two entities communicating over a public network, and sharing a (short) password only, with a session key to be used to achieve data integrity and/or message confidentiality. An example of a very efficient and ''elegant'' scheme for encrypted key exchange considered for standardization by the IEEE P1363 Standard working group is AuthA. This scheme was conjectured secure when the symmetric-encryption primitive is instantiated via either a cipher that closely behaves like an ''ideal cipher,'' or a mask generation function that is the product of the message with a hash of the password. While the security of this scheme in the former case has been recently proven, the latter case was still an open problem. For the first time we prove in this paper that this scheme is secure under the assumptions that the hash function closely behaves like a random oracle and that the computational Diffie-Hellman problem is difficult. Furthermore, since Denial-of-Service (DoS) attacks have become a common threat we enhance AuthA with a mechanism to protect against them.
Date: December 15, 2003
Creator: Bresson, Emmanuel; Chevassut, Olivier & Pointcheval, David
Partner: UNT Libraries Government Documents Department

The group Diffie-Hellman problems

Description: In this paper they study generalizations of the Diffie-Hellman problems recently used to construct cryptographic schemes for practical purposes. The Group Computational and the Group Decisional Diffie-Hellman assumptions not only enable one to construct efficient pseudo-random functions but also to naturally extend the Diffie-Hellman protocol to allow more than two parties to agree on a secret key. In this paper they provide results that add to their confidence in the GCDH problem. They reach this aim by showing exact relations among the GCDH, GDDH, CDH and DDH problems.
Date: July 20, 2002
Creator: Bresson, Emmanuel; Chevassut, Olivier & Pointcheval, David
Partner: UNT Libraries Government Documents Department

Authenticated group Diffie-Hellman key exchange: theory and practice

Description: Authenticated two-party Diffie-Hellman key exchange allows two principals A and B, communicating over a public network, and each holding a pair of matching public/private keys to agree on a session key. Protocols designed to deal with this problem ensure A (B resp.)that no other principals aside from B (A resp.) can learn any information about this value. These protocols additionally often ensure A and B that their respective partner has actually computed the shared secret value. A natural extension to the above cryptographic protocol problem is to consider a pool of principals agreeing on a session key. Over the years several papers have extended the two-party Diffie-Hellman key exchange to the multi-party setting but no formal treatments were carried out till recently. In light of recent developments in the formalization of the authenticated two-party Diffie-Hellman key exchange we have in this thesis laid out the authenticated group Diffie-Hellman key exchange on firmer foundations.
Date: October 3, 2002
Creator: Chevassut, Olivier
Partner: UNT Libraries Government Documents Department

An integrated solution for secure group communication in wide-area networks

Description: Many distributed applications require a secure reliable group communication system to provide coordination among the application components. This paper describes a secure group layer (SGL) which bundles a reliable group communication system, a group authorization and access control mechanism, and a group key agreement protocol to provide a comprehensive and practical secure group communication platform. SGL also encapsulates the standard message security services (i.e, confidentiality, authenticity and integrity). A number of challenging issues encountered in the design of SGL are brought to light and experimental results obtained with a prototype implementation are discussed.
Date: April 1, 2001
Creator: Agarwal, Deborah A.; Chevassut, Olivier; Thompson, Mary & Tsudik, Gene
Partner: UNT Libraries Government Documents Department

A practical approach to the interGroup protocols

Description: Existing reliable ordered group communication protocols have been developed for local-area networks and do not, in general, scale well to large numbers of nodes and wide-area networks. The InterGroup suite of protocols is a scalable group communication system that introduces an unusual approach to handling group membership, and supports a receiver-oriented selection of service. The protocols are intended for a wide-area network, with a large number of nodes, that has highly variable delays and a high message loss rate, such as the Internet. The levels of the message delivery service range from unreliable unordered to reliable timestamp ordered. We also present a secure group layer that builds on InterGroup to provide SSL-like security for groups.
Date: November 12, 2001
Creator: Berket, Karlo; Agarwal, Deborah A. & Chevassut, Olivier
Partner: UNT Libraries Government Documents Department

Secure password-based authenticated key exchange for web services

Description: This paper discusses an implementation of an authenticated key-exchange method rendered on message primitives defined in the WS-Trust and WS-SecureConversation specifications. This IEEE-specified cryptographic method (AuthA) is proven-secure for password-based authentication and key exchange, while the WS-Trust and WS-Secure Conversation are emerging Web Services Security specifications that extend the WS-Security specification. A prototype of the presented protocol is integrated in the WSRF-compliant Globus Toolkit V4. Further hardening of the implementation is expected to result in a version that will be shipped with future Globus Toolkit releases. This could help to address the current unavailability of decent shared-secret-based authentication options in the Web Services and Grid world. Future work will be to integrate One-Time-Password (OTP) features in the authentication protocol.
Date: November 22, 2004
Creator: Liang, Fang; Meder, Samuel; Chevassut, Olivier & Siebenlist, Frank
Partner: UNT Libraries Government Documents Department

Provably Secure Password-based Authentication in TLS

Description: In this paper, we show how to design an efficient, provably secure password-based authenticated key exchange mechanism specifically for the TLS (Transport Layer Security) protocol. The goal is to provide a technique that allows users to employ (short) passwords to securely identify themselves to servers. As our main contribution, we describe a new password-based technique for user authentication in TLS, called Simple Open Key Exchange (SOKE). Loosely speaking, the SOKE ciphersuites are unauthenticated Diffie-Hellman ciphersuites in which the client's Diffie-Hellman ephemeral public value is encrypted using a simple mask generation function. The mask is simply a constant value raised to the power of (a hash of) the password.The SOKE ciphersuites, in advantage over previous pass-word-based authentication ciphersuites for TLS, combine the following features. First, SOKE has formal security arguments; the proof of security based on the computational Diffie-Hellman assumption is in the random oracle model, and holds for concurrent executions and for arbitrarily large password dictionaries. Second, SOKE is computationally efficient; in particular, it only needs operations in a sufficiently large prime-order subgroup for its Diffie-Hellman computations (no safe primes). Third, SOKE provides good protocol flexibility because the user identity and password are only required once a SOKE ciphersuite has actually been negotiated, and after the server has sent a server identity.
Date: December 20, 2005
Creator: Abdalla, Michel; Emmanuel, Bresson; Chevassut, Olivier; Moeller,Bodo & Pointcheval, David
Partner: UNT Libraries Government Documents Department