[en] Decoy accounts are often used as an indicator of the compromise of sensitive data, such as password files. An attacker targeting only specific known-to-be-real accounts might, however, remain undetected. A more effective method proposed by Juels and Rivest at CCS’13 is to maintain additional fake passwords associated with each account. An attacker who gains access to the password file is unable to tell apart real passwords from fake passwords, and the attempted usage of a false password immediately sets off an alarm indicating a password file compromise. Password-Authenticated Key Exchange (PAKE) has long been recognised for its strong security guarantees when it comes to low-entropy password authentication and secure channel establishment, without having to rely on the setup of a PKI. In this paper, we introduce SweetPAKE, a new cryptographic primitive that offers the same security guarantees as PAKE for key exchange, while allowing clients with a single password to authenticate against servers with n candidate passwords for that account and establish a secure channel. Additional security properties are identified and formalized to ensure that (a) high-entropy session keys are indistinguishable from random, even if later on the long-term secret password becomes corrupted (forward secrecy); (b) upon password file leakage, an adversary cannot tell apart real from fake passwords; and (c) a malicious client cannot trigger a false alarm. We capture these properties by extending well-established game-based definitions of PAKE. Furthermore, we propose a new UC formulation that comprehensively unifies both SweetPAKE (session key indistinguishability and sugarword indistinguishability) and a related notion known as Oblivious-PAKE. Finally, we propose efficient SweetPAKE and Oblivious-PAKE protocols constructed from Password-Authenticated Public-Key Encryption (PAPKE) that satisfy all the proposed notions.
Disciplines:
Computer science
Author, co-author:
DELERUE ARRIAGA, Afonso ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > APSIA
RYAN, Peter Y A ; University of Luxembourg > Faculty of Science, Technology and Medicine (FSTM) > Department of Computer Science (DCS)
SKROBOT, Marjan ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > APSIA
External co-authors:
no
Document language:
English
Title:
SweetPAKE: Key exchange with decoy passwords
Publication date:
July 2024
Event name:
Proceedings of the 19th ACM Asia Conference on Computer and Communications Security
Event place:
Singapore, Singapore
Event date:
01-07-2024 => 05-07-2024
Event scope:
International
Main work title:
SweetPAKE: Key exchange with decoy passwords
Translated title of the main work:
[en] SweetPAKE
Publisher:
Association for Computing Machinery, Inc, United States
We thank the anonymous reviewers of AsiaCCS 2024 for their comments and suggestions. Afonso Arriaga and Marjan Škrobot received support from the Luxembourg National Research Fund (FNR) under the CORE Junior project (C21/IS/16236053/FuturePass). Peter Y.A. Ryan received support from the Luxembourg National Research Fund (FNR) under the CORE project (C21/IS/16221219/ImPAKT). Additionally, we extend our thanks to Steve Meireles for his contribution to the implementation of the proposed protocols.
Michel Abdalla, Manuel Barbosa, Tatiana Bradley, Stanisław Jarecki, Jonathan Katz, and Jiayu Xu. 2020. Universally Composable Relaxed Password Authenticated Key Exchange. In Advances in Cryptology – CRYPTO 2020, Daniele Micciancio and Thomas Ristenpart (Eds.). Springer, Cham, 278–307.
Michel Abdalla, Olivier Chevassut, and David Pointcheval. 2005. One-Time Verifier-Based Encrypted Key Exchange. In Public Key Cryptography - PKC 2005, Serge Vaudenay (Ed.). Springer, Berlin, Heidelberg, 47–64.
Michel Abdalla, Pierre-Alain Fouque, and David Pointcheval. 2005. Password-Based Authenticated Key Exchange in the Three-Party Setting. In Public Key Cryptography - PKC 2005, Serge Vaudenay (Ed.). Springer, Berlin, Heidelberg, 65–84.
Michel Abdalla, Björn Haase, and Julia Hesse. 2021. Security Analysis of CPace. In Advances in Cryptology – ASIACRYPT 2021, Mehdi Tibouchi and Huaxiong Wang (Eds.). Springer, Cham, 711–741.
Michel Abdalla and David Pointcheval. 2005. Simple Password-Based Encrypted Key Exchange Protocols. In Topics in Cryptology – CT-RSA 2005, Alfred Menezes (Ed.). Springer, Berlin, Heidelberg, 191–208.
Tolga Acar, Mira Belenkiy, and Alptekin Küpçü. 2013. Single password authentication. Computer Networks 57, 13 (2013), 2597–2614.
José Becerra, Peter B. Rønne, Peter Y. A. Ryan, and Petra Sala. 2018. HoneyPAKEs. In Security Protocols XXVI, Vashek Matyáš, Petr Švenda, Frank Stajano, Bruce Christianson, and Jonathan Anderson (Eds.). Springer, Cham, 63–77.
Hugo Beguinet, Céline Chevalier, David Pointcheval, Thomas Ricosset, and Mélissa Rossi. 2023. GeT a CAKE: Generic Transformations from Key Encaspulation Mechanisms to Password Authenticated Key Exchanges. In Applied Cryptography and Network Security, Mehdi Tibouchi and XiaoFeng Wang (Eds.). Springer, Cham, 516–538.
Mihir Bellare, David Pointcheval, and Phillip Rogaway. 2000. Authenticated Key Exchange Secure against Dictionary Attacks. In Advances in Cryptology - EUROCRYPT 2000, Bart Preneel (Ed.). Springer, Berlin, Heidelberg, 139–155.
S.M. Bellovin and M. Merritt. 1992. Encrypted key exchange: password-based protocols secure against dictionary attacks. In Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy. IEEE Computer Society, Los Alamitos, CA, USA, 72–84.
Joseph Bonneau, Cormac Herley, Paul C. van Oorschot, and Frank Stajano. 2012. The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes. In 2012 IEEE Symposium on Security and Privacy. IEEE Computer Society, Los Alamitos, CA, USA, 553–567.
Tatiana Bradley, Jan Camenisch, Stanislaw Jarecki, Anja Lehmann, Gregory Neven, and Jiayu Xu. 2019. Password-Authenticated Public-Key Encryption. In Applied Cryptography and Network Security, Robert H. Deng, Valérie Gauthier-Umaña, Martín Ochoa, and Moti Yung (Eds.). Springer, Cham, 442–462.
R. Canetti. 2001. Universally composable security: a new paradigm for cryptographic protocols. In Proceedings 42nd IEEE Symposium on Foundations of Computer Science. IEEE Computer Society, Los Alamitos, CA, USA, 136–145.
Ran Canetti, Shai Halevi, Jonathan Katz, Yehuda Lindell, and Phil MacKenzie. 2005. Universally Composable Password-Based Key Exchange. In Advances in Cryptology – EUROCRYPT 2005, Ronald Cramer (Ed.). Springer, Berlin, Heidelberg, 404–421.
Craig Gentry, Philip MacKenzie, and Zulfikar Ramzan. 2006. A Method for Making Password-Based Key Exchange Resilient to Server Compromise. In Advances in Cryptology - CRYPTO 2006, Cynthia Dwork (Ed.). Springer, Berlin, Heidelberg, 142–159.
Adam Groce and Jonathan Katz. 2010. A New Framework for Efficient Password-Based Authenticated Key Exchange. In Proceedings of the 17th ACM Conference on Computer and Communications Security (Chicago, Illinois, USA) (CCS’10). Association for Computing Machinery, New York, NY, USA, 516–525.
Björn Haase and Benoît Labrique. 2019. AuCPace: Efficient verifier-based PAKE protocol tailored for the IIoT. IACR Transactions on Cryptographic Hardware and Embedded Systems 2019, 2 (Feb. 2019), 1–48.
Feng Hao and Peter Ryan. 2010. J-PAKE: Authenticated Key Exchange without PKI. In Transactions on Computational Science XI: Special Issue on Security in Computing, Part II, Marina L. Gavrilova, C. J. Kenneth Tan, and Edward David Moreno (Eds.). Springer, Berlin, Heidelberg, 192–206.
Feng Hao and Paul C. van Oorschot. 2022. SoK: Password-Authenticated Key Exchange – Theory, Practice, Standardization and Real-World Lessons. In Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security (Nagasaki, Japan) (ASIA CCS’22). Association for Computing Machinery, New York, NY, USA, 697–711.
Jung Yeon Hwang, Stanislaw Jarecki, Taekyoung Kwon, Joohee Lee, Ji Sun Shin, and Jiayu Xu. 2018. Round-Reduced Modular Construction of Asymmetric Password-Authenticated Key Exchange. In Security and Cryptography for Networks, Dario Catalano and Roberto De Prisco (Eds.). Springer, Cham, 485–504.
Ponemon Institute. 2022. The Cost of a Data Breach Report. IBM Security.
Stanislaw Jarecki, Hugo Krawczyk, Maliheh Shirvanian, and Nitesh Saxena. 2016. Device-Enhanced Password Protocols with Optimal Online-Offline Protection. In Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security (Xi’an, China) (ASIA CCS’16). Association for Computing Machinery, New York, NY, USA, 177–188.
Stanislaw Jarecki, Hugo Krawczyk, and Jiayu Xu. 2018. OPAQUE: An Asymmetric PAKE Protocol Secure Against Pre-computation Attacks. In Advances in Cryptology – EUROCRYPT 2018, Jesper Buus Nielsen and Vincent Rijmen (Eds.). Springer, Cham, 456–486.
Ari Juels and Ronald L. Rivest. 2013. Honeywords: Making Password-Cracking Detectable. In Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security (Berlin, Germany) (CCS’13). Association for Computing Machinery, New York, NY, USA, 145–160.
Franziskus Kiefer and Mark Manulis. 2015. Oblivious PAKE: Efficient Handling of Password Trials. In Information Security, Javier Lopez and Chris J. Mitchell (Eds.). Springer, Cham, 191–208.
Donald E. Knuth. 1997. The Art of Computer Programming, Volume 2: Seminumerical Algorithms (3 ed.). Vol. 2. Addison-Wesley, USA.
Wenting Li, Ping Wang, and Kaitai Liang. 2023. HPAKE: Honey Password-Authenticated Key Exchange for Fast and Safer Online Authentication. IEEE Transactions on Information Forensics and Security 18 (2023), 1596–1609.
Mark Manulis, Benny Pinkas, and Bertram Poettering. 2010. Privacy-Preserving Group Discovery with Linear Complexity. In Applied Cryptography and Network Security, Jianying Zhou and Moti Yung (Eds.). Springer, Berlin, Heidelberg, 420–437.
Bruno Freitas Dos Santos, Yanqi Gu, and Stanislaw Jarecki. 2023. Randomized Half-Ideal Cipher on Groups with Applications to UC (a)PAKE. In Advances in Cryptology – EUROCRYPT 2023, Carmit Hazay and Martijn Stam (Eds.). Springer, Cham, 128–156.
Marjan Skrobot and Jean Lancrenon. 2018. On Composability of Game-Based Password Authenticated Key Exchange. In 2018 IEEE European Symposium on Security and Privacy (EuroS&P). IEEE Computer Society, Los Alamitos, CA, USA, 443–457.
D. Taylor, T. Wu, N. Mavrogiannopoulos, and T. Perrin. 2007. Using the Secure Remote Password (SRP) Protocol for TLS Authentication. Technical Report 5054. RFC Editor. https://tools.ietf.org/html/rfc5054