Abstract
Sometimes two parties who already share a weak secret k such as a password wish to share also a strong secret s such as a session key without revealing information about k to an active attacker. We assume that both parties can generate strong random numbers and forget secrets, and present new protocols for secure strong secret sharing, based on RSA, Diffie-Hellman, and El-Gamal. As well as being simpler and quicker than their predecessors, our protocols also have stronger security properties. In particular, our protocols make no cryptographic use of s and so do not impose subtle restrictions upon the use which is subsequently made of s by other protocols. Neither do we rely upon the existence of hash functions with serendipitous properties. In the course of presenting these protocols, we also consider how to frustrate some new types of cryptographic and system attack.
Access provided by Autonomous University of Puebla. Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Anderson, R., Lomas, M.: Fortifying Key negotiation Schemes with Poorly Chosen Passwords. Electronics Letters 30(13), 1040–1041 (1994)
Anderson, R., Needham, R.: Programming Satan’s Computer. LNCS, vol. 1000. Springer, Heidelberg (1998)
Bellovin, S.M., Merritt, M.: Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks. In: Proc. of the IEEE Computer Society Symposium on Research in Security and Privacy, Oakland, vol. 92, pp. 72–84 (1992)
Diffie, W., Hellman, M.: New Directions in Cryptography. IEEE Transactions on Information Theory 22(6), 644–654 (1976)
ElGamal, T.: A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms. IEEE Transactions on Information Theory 31(4), 469–472 (1985)
Gong, L.: Optimal Authentication Protocols Resistant to Password Guessing Attacks. In: Proc. 8th IEEE Computer Security Foundations Workshop, pp. 24–29 (1995)
Gong, L., Lomas, M., Needham, R., Salzer, J.: Protecting Poorly Chosen Secrets from Guessing Attacks. IEEE Journal on Selected Areas in Communications 11(5), 648–656 (1993)
Hardy, G.H., Wright, E.M.: An Introduction to the Theory of Numbers, 5th edn. Oxford University Press, Oxford (1978)
Jablon, D.P.: Strong Password-Only Authenticated Key Exchange. Computer Communications Review 26(5), 5–26 (1996)
Kelsey, J., Schneier, B., Wagner, D.: Protocol Interactions and the Chosen Protocol Attack. In: Christianson, B., Lomas, M. (eds.) Security Protocols 1997. LNCS, vol. 1361, pp. 91–104. Springer, Heidelberg (1998)
Lomas, M., Christianson, B.: To Whom am I Speaking? Remote Booting in a Hostile World. IEEE Computer 28(1), 50–54 (1995)
Lucks, S.: Open Key Exchange: How to Defeat Dictionary Attacks Without Encrypting Public Keys. In: Christianson, B., Lomas, M. (eds.) Security Protocols 1997. LNCS, vol. 1361, pp. 79–90. Springer, Heidelberg (1998)
Patel, S.: Number Theoretic Attacks on Secure Password Schemes. In: Proc IEEE Computer Society Symposium on Research in Security and Privacy, Oakland, vol. 97, pp. 236–247 (1997)
Rivest, R., Shamir, A., Adleman, L.: A Method for Obtaining Digital Signatures and Public Key Cryptosystems. Communications of the ACM 21(2), 120–126 (1978); Operating Systems Review 29(3), 22–30
Wheeler, D.: Transactions using Bets. In: Lomas, M. (ed.) Security Protocols 1996. LNCS, vol. 1189, pp. 89–92. Springer, Heidelberg (1997)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Christianson, B., Roe, M., Wheeler, D. (2005). Secure Sessions from Weak Secrets. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds) Security Protocols. Security Protocols 2003. Lecture Notes in Computer Science, vol 3364. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11542322_24
Download citation
DOI: https://doi.org/10.1007/11542322_24
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28389-8
Online ISBN: 978-3-540-31836-1
eBook Packages: Computer ScienceComputer Science (R0)