Citation: M. Szydlo and B. Kaliski. "Proofs for Two-Server Password Authentication." In A. Menezes, ed., CT-RSA 2005, pp. 227-244. © Springer-Verlag.
Traditional password-based authentication and key-exchange protocols suffer from the simple fact that a single server stores the sensitive user password. In practice, when such a server is compromised, a large number of user passwords (usually password hashes) are exposed at once. A natural solution involves splitting the password between two or more servers. This work formally models the basic security requirement for two-server password authentication protocols, and in this framework provides concrete security proofs for two protocols. The first protocol considered [7] appeared at USENIX'03, but contained no security proof. For this protocol, we provide a concrete reduction to the computational Diffie-Hellman problem in the random oracle model. Next we present a second protocol, based on the same hard problem, which is simpler and has an easier, tighter reduction proof.