Sciweavers

JCSS
2006

Password-based authentication and key distribution protocols with perfect forward secrecy

14 years 12 days ago
Password-based authentication and key distribution protocols with perfect forward secrecy
In an open networking environment, a workstation usually needs to identify its legal users for providing its services. Kerberos provides an efficient approach whereby a trusted third-party authentication server is used to verify users' identities. However, Kerberos enforces the user to use strong cryptographic secret for user authentication, and hence is insecure from password guessing attacks if the user uses a weak password for convenience. In this paper, we focus on such an environment in which the users can use easy-to-remember passwords. In addition to password guessing attacks, perfect forward secrecy (PFS in short) is another important security consideration when designing an authentication and key distribution protocol. Based on the capability of protecting the client's password, the application server's secret key, and the authentication server's private key, we define seven classes of perfect forward secrecy and focus on protocols achieving class-1, class...
Hung-Min Sun, Her-Tyan Yeh
Added 13 Dec 2010
Updated 13 Dec 2010
Type Journal
Year 2006
Where JCSS
Authors Hung-Min Sun, Her-Tyan Yeh
Comments (0)