Advanced password-authenticated key exchanges

Pierre-Alain Dupont 1, 2
1 CASCADE - Construction and Analysis of Systems for Confidentiality and Authenticity of Data and Entities
Inria de Paris, CNRS - Centre National de la Recherche Scientifique : UMR 8548, DI-ENS - Département d'informatique de l'École normale supérieure
Abstract : Authenticated key exchange is probably the most widely deployed asymmetric cryptographic primitive, notably because of its inclusion in the TLS protocol. Its cousin, password-authenticated key exchange — where the authentication is done using a low-entropy password — has also been studied extensively but has been much less used in practice. It is, however, a primitive much closer to actual authentication when at least one party is human. In this thesis, we consider advanced primitives based on password-authenticated key exchange, with an eye toward practical applications. Specifically, we introduce fuzzy password-authenticated key exchange, where the authentication succeeds as long as the two passwords are close enough, and not necessarily equal. We provide a security model in the UC framework, as well as a construction based on regular password-authenticated key exchanges and robust secret-sharing schemes. Secondly, we consider the practical problem of password leakage when taking into account sessions conducted on a corrupted device. As there is intrinsically no hope with regular password authentication, we extend the BPR security model to consider low-entropy challenge responses instead. We then provide several instantiations, some based on human-compatible function families, where the operations required to answer the challenge are simple enough to be conducted in one’s head, allowing the actual authentication to be directly performed by the human being.
Document type :
Theses

https://hal.inria.fr/tel-01868828
Contributor : Pierre-Alain Dupont
Submitted on : Wednesday, September 5, 2018 - 10:01:45 PM
Last modification on : Wednesday, January 30, 2019 - 11:08:07 AM
Long-term archiving on : Thursday, December 6, 2018 - 5:56:02 PM

File

manuscript.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : tel-01868828, version 1

Citation

Pierre-Alain Dupont. Advanced password-authenticated key exchanges. Cryptography and Security [cs.CR]. PSL Research University, 2018. English. ⟨tel-01868828⟩
