References of "Sala, Petra 50026625"
     in
Bookmark and Share    
Full Text
See detailAttaques et preuves de sécurité des protocoles d'échange de clés authentifiés
Sala, Petra UL

Doctoral thesis (2021)

The vast majority of communication on the Internet and private networks heavily relies on Public-key infrastructure (PKI). One possible solution, to avoid complexities around PKI, is to use Password ... [more ▼]

The vast majority of communication on the Internet and private networks heavily relies on Public-key infrastructure (PKI). One possible solution, to avoid complexities around PKI, is to use Password Authenticated Key-Exchange (PAKE) protocols. PAKE protocols enable a secure communication link between the two parties who only share a low-entropy secret (password). PAKEs were introduced in the 1990s, and with the introduction of the first security models and security proofs in the early 2000s, it was clear that PAKEs have a potential for wide deployment - filling the gap where PKI falls short. PAKEs' PKI-free nature, resistance to phishing attacks and forward secrecy are just some of the properties that make them interesting and important to study. This dissertation includes three works on various aspects of PAKEs: an attack on an existing PAKE proposal, an application of PAKEs in login (for password leak detection) and authentication protocols (HoneyPAKEs), and a security analysis of the J-PAKE protocol, that is used in practice, and its variants. In our first work, we provide an empirical analysis of the zkPAKE protocol proposed in 2015. Our findings show that zkPAKE is not safe against offline dictionary attacks, which is one of the basic security requirements of the PAKE protocols. Further, we demonstrate an implementation of an efficient offline dictionary attack, which emphasizes that, it is necessary to provide a rigorous security proof when proposing a new protocol. In our second contribution, we propose a combined security mechanism called HoneyPAKE. The HoneyPAKE construction aims to detect the loss of password files and ensures that PAKE intrinsically protects that password. This makes the PAKE part of the HoneyPAKE more resilient to server-compromise and pre-computation attacks which are a serious security threat in a client-server communication. Our third contribution facilitates the wider adoption of PAKEs. In this work, we revisit J-PAKE and simplify it by removing a non-interactive zero knowledge proof from the last round of the protocol and derive a lighter and more efficient version called sJ-PAKE. Furthermore, we prove sJ-PAKE secure in the indistinguishability game-based model, the so-called Real-or-Random, also satisfying the notion of perfect forward secrecy. [less ▲]

Detailed reference viewed: 52 (11 UL)
Full Text
Peer Reviewed
See detailAn offline dictionary attack against zkPAKE protocol
Lopez Becerra, José Miguel UL; Ryan, Peter UL; Sala, Petra UL et al

in An offline dictionary attack against zkPAKE protocol (2019)

Password Authenticated Key Exchange (PAKE) allows a user to establish a secure cryptographic key with a server, using only knowledge of a pre-shared password. One of the basic security require- ments of ... [more ▼]

Password Authenticated Key Exchange (PAKE) allows a user to establish a secure cryptographic key with a server, using only knowledge of a pre-shared password. One of the basic security require- ments of PAKE is to prevent o ine dictionary attacks. In this paper, we revisit zkPAKE, an augmented PAKE that has been recently proposed by Mochetti, Resende, and Aranha (SBSeg 2015). Our work shows that the zkPAKE protocol is prone to o ine password guess- ing attack, even in the presence of an adversary that has only eavesdrop- ping capabilities. Results of performance evaluation show that our attack is practical and e cient.Therefore, zkPAKE is insecure and should not be used as a password-authenticated key exchange mechanism. [less ▲]

Detailed reference viewed: 178 (15 UL)
Full Text
Peer Reviewed
See detailHoneyPAKEs
Lopez Becerra, José Miguel UL; Roenne, Peter UL; Ryan, Peter UL et al

in Security Protocols XXVI: Lecture Notes in Computer Science (2018, November 27)

We combine two security mechanisms: using a Password-based Authenticated Key Establishment (PAKE) protocol to protect the password for access control and the Honeywords construction of Juels and Rivest to ... [more ▼]

We combine two security mechanisms: using a Password-based Authenticated Key Establishment (PAKE) protocol to protect the password for access control and the Honeywords construction of Juels and Rivest to detect loss of password files. The resulting construction combines the properties of both mechanisms: ensuring that the password is intrinsically protected by the PAKE protocol during transmission and the Honeywords mechanisms for detecting attempts to exploit a compromised password file. Our constructions lead very naturally to two factor type protocols. An enhanced version of our protocol further provides protection against a compromised login server by ensuring that it does not learn the index to the true password. [less ▲]

Detailed reference viewed: 121 (14 UL)
Full Text
Peer Reviewed
See detailAn Offline Dictionary Attack Against zkPAKE Protocol
Lopez Becerra, José Miguel UL; Ryan, Peter UL; Sala, Petra UL et al

Poster (2018, June)

Password Authenticated Key Exchange (PAKE) allows a user to establish a strong cryptographic key with a server, using only knowledge of a pre-shared password. One of the basic security requirements of ... [more ▼]

Password Authenticated Key Exchange (PAKE) allows a user to establish a strong cryptographic key with a server, using only knowledge of a pre-shared password. One of the basic security requirements of PAKE is to prevent o ine dictionary attacks. In this paper, we revisit zkPAKE, an augmented PAKE that has been recently proposed by Mochetti, Resende, and Aranha (SBSeg 2015). Our work shows that the zkPAKE protocol is prone to o ine password guessing attack, even in the presence of an adversary that has only eavesdropping capabilities. Therefore, zkPAKE is insecure and should not be used as a password-authenticated key exchange mechanism [less ▲]

Detailed reference viewed: 159 (14 UL)
Full Text
Peer Reviewed
See detailTightly-Secure PAK(E)
Lopez Becerra, José Miguel UL; Iovino, Vincenzo UL; Ostrev, Dimiter UL et al

in Cryptology and Network Security (2017, December 02)

We present a security reduction for the PAK protocol instantiated over Gap Diffie-Hellman Groups that is tighter than previously known reductions. We discuss the implications of our results for concrete ... [more ▼]

We present a security reduction for the PAK protocol instantiated over Gap Diffie-Hellman Groups that is tighter than previously known reductions. We discuss the implications of our results for concrete security. Our proof is the first to show that the PAK protocol can provide meaningful security guarantees for values of the parameters typical in today’s world. [less ▲]

Detailed reference viewed: 216 (36 UL)