One-time-password-authenticated key exchange

Abstract

To reduce the damage of phishing and spyware attacks, banks, governments, and other security-sensitive industries are deploying one-time password systems, where users have many passwords and use each password only once. If a single password is compromised, it can be only be used to impersonate the user once, limiting the damage caused. However, existing practical approaches to one-time passwords have been susceptible to sophisticated phishing attacks. We give a formal security treatment of this important practical problem. We consider the use of one-time passwords in the context of password-authenticated key exchange (PAKE), which allows for mutual authentication, session key agreement, and resistance to phishing attacks. We describe a security model for the use of one-time passwords, explicitly considering the compromise of past (and future) one-time passwords, and show a general technique for building a secure one-time-PAKE protocol from any secure PAKE protocol. Our techniques also allow for the secure use of pseudorandomly generated and time-dependent passwords.

Keywords: one-time passwords, key exchange, protocols, public-key cryptography

Reference

Kenneth G. Paterson, Douglas Stebila. One-time-password-authenticated key exchange. In Ron Stein, Philip Hawkes, editors, Proc. 15th Australasian Conference on Information Security and Privacy (ACISP) 2010, LNCS, vol. 6168, pp. 264–281. © Springer, 2010. Full version available as http://eprint.iacr.org/2009/430.

Download

Publisher’s website: DOI: 10.1007/978-3-642-14081-5_17
Author’s website (full version): PDF
Cryptology ePrint Archive (full version): http://eprint.iacr.org/2009/430
BibTeX
@inproceedings{PS10, Abstract = {To reduce the damage of phishing and spyware attacks, banks, governments, and other security-sensitive industries are deploying one-time password systems, where users have many passwords and use each password only once. If a single password is compromised, it can be only be used to impersonate the user once, limiting the damage caused. However, existing practical approaches to one-time passwords have been susceptible to sophisticated phishing attacks. We give a formal security treatment of this important practical problem. We consider the use of one-time passwords in the context of password-authenticated key exchange (PAKE), which allows for mutual authentication, session key agreement, and resistance to phishing attacks. We describe a security model for the use of one-time passwords, explicitly considering the compromise of past (and future) one-time passwords, and show a general technique for building a secure one-time-PAKE protocol from any secure PAKE protocol. Our techniques also allow for the secure use of pseudorandomly generated and time-dependent passwords.}, Author = {Kenneth G. Paterson and Douglas Stebila}, Booktitle = {Proc. 15th Australasian Conference on Information Security and Privacy (ACISP) 2010}, Booktitleshort = {Proc. ACISP 2010}, Copyright = {Springer}, Doi = {10.1007/978-3-642-14081-5\_17}, Editor = {Ron Stein and Philip Hawkes}, Keywords = {one-time passwords, key exchange, protocols, public-key cryptography}, Note = {Full version available as \url{http://eprint.iacr.org/2009/430}}, Pages = {264--281}, Publisher = {Springer}, Series = {LNCS}, Title = {One-time-password-authenticated key exchange}, Volume = {6168}, Year = {2010}}

Presentations

2010/07/06: “One-time-password-authenticated key exchange.” Presented at the 15th Australasian Conference on Information Security and Privacy (ACISP) 2010. (PDF slides)

This is the website of Douglas Stebila.