On password-based authenticated key exchange (PAKE) protocols.

2020
Tonga, Meryem
Authentication and key agreement protocols play an important role in today’s digital world. Key agreement methods mostly mimic the Diffie-Hellman key exchange protocol, but unfortunately they are susceptible to man-in-the-middle attacks. Password-based authenticated key exchange (PAKE) protocols promise to handle key agreement and authentication without requiring the existence of certificate authorities or trusted third parties. More importantly, PAKE protocols enable agreement based on low-entropy passwords rather than high-entropy cryptographic keys shared only by the involved parties. Even if PAKE protocols are not widely used in practice, they are already included in IETF (RFC) and ISO security standards and in the TLS cryptographic suite. In this thesis, following these recent developments, we first present PAKE protocols in three forms, namely balanced PAKE protocols, augmented PAKE protocols and password authenticated key retrieval (PAKR) protocols, in both single-server and multi-server settings. In particular, we revisit the balanced protocols EKE, SPEKE, PAK, PPK, J-PAKE, SPAKE and SESPAKE, and the augmented protocols SRP, AugPAKE, OPAQUE and B-SPEKE. Then, we summarize security attacks on these protocols. Afterwards, detailed explanations of the attacks against these protocols are given. We further present the current state of the art for PAKE protocols. Finally, we draw attention to possible extensions for PAKE protocols and state currently open questions about the subject.

Suggestions

Security analysis of electronic signature applications and test suite study
Ergun, Tamer; Özbudak, Ferruh; Department of Cryptography (2013)
Digital signature technology is used widely for security and trust in electronic business and communications. Nowadays it is commonly used, especially in government agencies. From this point of view, it is crucial to implement correct applications to create and verify digital signatures. CEN (European Committee for Standardization) has introduced the security requirements for signature applications but neither proposed a PKI model nor implemented a test suite to evaluate the accuracy of signature applica...
A PUF-based lightweight group authentication and key distribution protocol
Yıldız, Hüsnü; Onur, Ertan; Department of Computer Engineering (2020-9)
Securing Internet of Things (IoT) applications that collect and transport sensitive data by guaranteeing authenticity, integrity, and confidentiality is a critical challenge. Reducing computation and communication overhead of security functions is also a key concern since a large number of constrained devices may take place in such applications. Our main focus in this thesis is group authentication and key management in IoT. The existing group authentication and key management protocols in the literature pe...
Analysis of Password Attacks From The Perspective Of The Attacker By Multiple Honeypots
Aydın, Kıvanç; Acartürk, Cengiz; Department of Cybersecurity (2021-8-19)
Authentication is vital for the secure operation of ICT systems. Over the past several decades, alternative solutions have been developed for authentication, such as biometric authentication methods, aiming at replacing passwords. Nevertheless, their success has been limited, as evidenced by the intensive use of passwords. Today, an average user uses dozens of different passwords in daily practice. The frequent use of passwords in authentication also leads to a close interest of attackers due to the rapid expansion...
Quantum Key Distribution and Recent Advancements
Demir, Nazlı Ceren; Yayla, Oğuz; Department of Cryptography (2021-2-10)
Ensuring secure key exchange is an important issue in symmetric-key encryption. With the development of quantum computers, it is assessed that the systems in use today will not meet security needs. In this context, a prominent research topic is quantum key distribution. This graduation project covers the BB84 Protocol, the first quantum key distribution protocol, and recent developments in quantum key distribution.
Server notaries: a complementary approach to the web PKI trust model
Yüce, Emre; Doğanaksoy, Ali; Selçuk, Ali Aydın; Department of Cryptography (2016)
SSL/TLS is the de facto protocol for providing secure communication over the Internet. It relies on the Web PKI model for authentication and secure key exchange. Despite its relatively successful past, the number of Web PKI incidents observed has increased recently. These incidents revealed the risks of forged certificates issued by certificate authorities without the consent of the domain owners. Several solutions have been proposed to solve this problem, but no solution has yet received widespread adoption due to complexity and ...
Citation Formats
M. Tonga, “On password-based authenticated key exchange (PAKE) protocols,” Thesis (M.S.) -- Graduate School of Applied Mathematics. Cryptography., Middle East Technical University, 2020.