• DocumentCode
    3418326
  • Title
    RSA-based Password-Authenticated Key Retrieval using multiple servers
  • Author
    SeongHan Shin; Kobara, Kazukuni
  • Author_Institution
    Res. Inst. for Secure Syst. (RISEC), Nat. Inst. of Ind. Sci. & Technol. (AIST), Tsukuba, Japan
  • fYear
    2013
  • fDate
    9-12 Dec. 2013
  • Firstpage
    106
  • Lastpage
    111
  • Abstract
    A PAKR (Password-Authenticated Key Retrieval) protocol and its multi-server system allow one party (say, a client), who has a rememberable password, to retrieve a long-term static key in an exchange of messages with at least one other party (say, a server) that has a private key. In this paper, we propose an RSA-based PAKR (for short, RSA-PAKR) protocol using multiple (n) servers, and then show that the RSA-PAKR protocol provides security of passwords and static keys against an attacker who takes full control of n - 1 servers. Several aspects of the RSA-PAKR protocol and its extension (including efficiency improvements, an implementation issue and an extension for distinguishing on-line dictionary attacks) are then discussed.
  • Keywords
    cryptographic protocols; message authentication; PAKR protocol; RSA-PAKR protocol; RSA-based password-authenticated key retrieval protocol; long term static key; multiserver system; on-line dictionary attacks; Dictionaries; Nickel; Protocols; Public key; Servers; Silicon; Password; RSA; authentication; key retrieval; on-line/off-line dictionary attacks; server compromise;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Internet Security (WorldCIS), 2013 World Congress on
  • Conference_Location
    London
  • Type
    conf
  • DOI
    10.1109/WorldCIS.2013.6751027
  • Filename
    6751027