A New Two-Server A New Two-Server Approach for Approach for Authentication with Authentication with Short Secrets Short Secrets John Brainard, Ari Juels, John Brainard, Ari Juels, Burt Kaliski and Michael Burt Kaliski and Michael Szydlo RSA Laboratories Szydlo RSA Laboratories To appear in USENIX Security 2003/4/
27
Embed
A New Two-Server Approach for Authentication with Short Secrets John Brainard, Ari Juels,Burt Kaliski and Michael Szydlo RSA Laboratories To appear in.
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
A New Two-Server Approach A New Two-Server Approach for Authentication with Short for Authentication with Short
SecretsSecrets
John Brainard, Ari Juels,Burt KalJohn Brainard, Ari Juels,Burt Kaliski and Michael Szydlo RSA Labiski and Michael Szydlo RSA Lab
oratoriesoratories
To appear in USENIX Security 2003/4/9
OutlineOutline
IntroductionIntroduction Previous WorkPrevious Work New WorkNew Work
Passwords and PINsPasswords and PINs
Short secrets are convenience .Short secrets are convenience . The secrets stored in a central The secrets stored in a central
database.database.
ProblemProblem
How is it possible to provide secure How is it possible to provide secure services to users who can services to users who can authenticate using only short secrets authenticate using only short secrets or weak password?or weak password?
Smartcards , similar key-storageSmartcards , similar key-storage
G is large group (hard to discrete log)G is large group (hard to discrete log) g : generatorg : generator q : order in Zp (p=2q+1)q : order in Zp (p=2q+1) p (1024 bits)p (1024 bits) w: H -> Gw: H -> G
1
1
'1
{2,4,..., 1}R
e
e q
Y g
0
0
,
0
{2,4,..., 1}
( )R
blue U
e
e q
A w Q
Y Ag
0 ,Y U
1, redY H
1
1
'1
{2,4,..., 1}R
e
e q
Y g
1
,
'1 1
0
?
0 1
( )
( / )
{2,..., 2}
( || || || )
red U
ered
red
red red
B w Q
Y BY
Z Y B
Z p
H h Z Y Y U
0
1
?
( / )
{2,..., 2}
( || )
eblue
blue
blue blue red
Z Y A
Z p
H h Z H
0
0
,
0
{2,4,..., 1}
( )R
blue U
e
e q
A w Q
Y Ag
1, redY H
?0 1( || || || )red blueH h Z Y Y U ? ( || )blue red redH h Z H
two servers.two servers. not derive a shared key.not derive a shared key. Client need perform no cryptographic Client need perform no cryptographic
computation, and operation in H. computation, and operation in H.
OutlineOutline
IntroductionIntroduction Previous WorkPrevious Work New WorkNew Work Equality-Testing ProtocolEquality-Testing Protocol Architectural MotivationArchitectural Motivation
Architectural MotivationArchitectural Motivation
Security in two servers.Security in two servers. * different OSs* different OSs * different organizations* different organizations (privacy outsourcing): (privacy outsourcing): service providerservice provider privacy providerprivacy provider
Architectural MotivationArchitectural Motivation
UniversalityUniversality Pseudonymity Pseudonymity Engineering simplicityEngineering simplicity System isolation System isolation Mitigation of denial-of-service attacksMitigation of denial-of-service attacks
OutlineOutline
IntroductionIntroduction Previous WorkPrevious Work New WorkNew Work Equality-Testing ProtocolEquality-Testing Protocol Architectural MotivationArchitectural Motivation Avoiding ProblemsAvoiding Problems
Avoiding ProblemsAvoiding Problems
False Pseudonym ProblemFalse Pseudonym Problem Replay Attacks ProblemReplay Attacks Problem