Publications on Strong Password Authentication
| [And94] | R. J. Anderson & T. M. A. Lomas, Fortifying Key Negotiation Schemes with Poorly Chosen Passwords, Electronics Letters, v. 30, n. 13, June 23, 1994, pp. 1040-1041. |
| [BESW00] | P. Buhler, T. Eirich, M. Steiner & M. Waidner, Secure Password-Based Cipher Suite for TLS, Proceedings of the Year 2000 Network and Distributed System Security Symposium, February 2-4, 2000. (.PDF) (Postscript) |
| [BM91] | S. M. Bellovin and M. Merritt, Limitations of the Kerberos Authentication System, Winter '91 USENIX Conference Proceedings, USENIX Association, 1991. |
| [BM92] | S. M. Bellovin and M. Merritt, Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks (or here), Proceedings of the I.E.E.E. Symposium on Research in Security and Privacy, Oakland, May 1992. |
| [BM93] | S. M. Bellovin and M. Merritt, An Attack on the Interlock Protocol When Used for Authentication, I.E.E.E. Transactions on Information Theory, v. 40, n. 1, January 1994, pp. 273-275. |
| [BM94] | S. M. Bellovin and M. Merritt, Augmented Encrypted Key Exchange: a Password-Based Protocol Secure Against Dictionary Attacks and Password File Compromise (or here), AT&T Bell Laboratories (c. 1994). |
| [BMP00] | V. Boyko, P. MacKenzie & S. Patel, Provably Secure Password Authenticated Key Exchange Using Diffie-Hellman, Advances in Cryptology - EUROCRYPT 2000, Preneel, B., (Ed.), May 14-18, 2000. (Conference proceedings) (MacKenzie's page and updated paper) |
| [Boy99] | M. K. Boyarsky, Public-Key Cryptography and Password Protocols: The Multi-User Case, Proceedings of the 6th ACM Conference on Computer and Communications Security, November 1-4, 1999, Singapore. (September 16, 1999 version) |
| [BPR00] | M. Bellare, D. Pointcheval & P. Rogaway, Authenticated Key Exchange Secure Against Dictionary Attack, Advances in Cryptology - EUROCRYPT 2000, Lecture Notes in Computer Science, vol. 1807, pp. 139-155, B. Preneel, ed., Springer-Verlag, May 2000. (Conference proceedings) (Author's page) |
| [BR00] | M. Bellare & P. Rogaway, The AuthA Protocol for Password-Based Authenticated Key Exchange, Contribution to the IEEE P1363 study group, March 14, 2000. |
| [Chr99] | B. Christianson, Private communication. |
| [DH79] | W. Diffie & M. E. Hellman, Privacy and Authentication: An Introduction to Cryptography, Proceedings of the I.E.E.E., vol. 67, No. 3, pp. 397-427 (Mar. 1979) |
| [DvOW92] | W. Diffie, P.C. van Oorschot, & M. Wiener, Authentication and Authenticated Key Exchanges, Designs Codes and Cryptography, 2, 107-125, (1992) |
| [Ell96] | C. Ellison, Establishing Identity Without Certification Authorities, Proceedings of the Sixth Annual USENIX Security Symposium, San Jose, July 1996, pp. 67-76. |
| [FK00] | W. Ford & B. Kaliski, Server-Assisted Generation of a Strong Secret from a Password, Proceedings of the IEEE 9th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, NIST, Gaithersburg MD, June 14-16, 2000. (VeriSign product literature) |
| [FNW95] | R. Fagin, M. Naor & P. Winkler, Comparing Information Without Leaking It, Postscript paper at http://www.wisdom.weizmann.ac.il/~naor/PUZZLES/compare.html, September 19, 1995. |
| [FPKR01] | S. Farrell, R. Perlman, C. Kaufman & M. Rose, Securely Available Credentials - The PDM Protocol, IETF draft-ietf-sacred-protocol-beep-pdm-00.txt (work in progress) June 2001. |
| [GL00] | O. Goldreich & Y. Lindell, Session-Key Generation using Human Passwords Only, Cryptology ePrint Archive: Report 2000/057. Downloadable from http://eprint.iacr.org/2000/057/. (See [GL01]) |
| [GL01] | O. Goldreich & Y. Lindell, Session-Key Generation using Human Passwords Only, Paper accepted to Crypto 2001 (See [GL00]) |
| [GLNS93] | L. Gong, M. Lomas, R. Needham, & J. Saltzer, Protecting Poorly Chosen Secrets from Guessing Attacks, I.E.E.E. Journal on Selected Areas in Communications, Vol. 11, No. 5, June 1993, pp. 648-656. |
| [Gon95] | L. Gong, Optimal Authentication Protocols Resistant to Password Guessing Attacks, Proceedings of the 8th IEEE Computer Security Foundations Workshop, County Kerry, Ireland, June 1995, pp. 24-29. |
| [HK98] | S. Halevi & H. Krawczyk, Public-key cryptography and password protocols, Proceedings of the Fifth ACM Conference on Computer and Communications Security, pp. 122-131, 1998, ACM. (See revised version [HK99]) |
| [HK99] | S. Halevi & H. Krawczyk, Public-key cryptography and password protocols, ACM Transactions on Information and Systems Security (TISSEC), Vol. 2, no. ?, pages ???-???, August 1999, ACM. shaih/pubs 99-04.html (See preliminary version [HK98]) |
| [Jab96] | D. Jablon, Strong Password-Only Authenticated Key Exchange, Computer Communication Review, ACM SIGCOMM, vol. 26, no. 5, pp. 5-26, October 1996. (Web version revised March 2, 1997) |
| [Jab97] | D. Jablon, Extended Password Key Exchange Protocols Immune to Dictionary Attacks, Proceedings of the Sixth Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET-ICE '97), IEEE Computer Society, June 18-20, 1997, Cambridge, MA, pp. 248-255. |
| [Jab01] | D. Jablon, Password Authentication Using Multiple Servers, LNCS 2020: Topics in Cryptology -- CT-RSA 2001, April 8-12, 2001 Proceedings, pp. 344-360, 2001, Springer-Verlag. (Mail the author to obtain a preprint.) |
| [Jas96] | B. Jaspan, Dual-workfactor Encrypted Key Exchange: Efficiently Preventing Password Chaining and Dictionary Attacks, Proceedings of the Sixth Annual USENIX Security Conference, July 1996, pp. 43-50. |
| [KKP99] | Seungjoo Kim, Byungchun Kim & Sungjun Park, Comments on password-based private key download protocol of NDSS'99, Electronics Letters 35(22), IEE Press, 1999, pp.1937-1938. |
| [KKJS99] | T. Kwon, M. Kang, S. Jung, & J. Song, An improvement of the password-based authentication protocol (K1P) on security against replay attacks, IEICE Transactions on Communications, vol. E82-B, no. 7, pp. 991-997, July 1999. |
| [KOY01] | J. Katz, R. Ostrovsky & M. Yung, Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords, LNCS 2045: Topics in Cryptology -- Eurocrypt 2001 Proceedings, p. 475 ff., 2001, Springer-Verlag. |
| [KPS95] | C. Kaufman, R. Perlman, M. Speciner, Network Security: Private Communication in a Public World, Prentice-Hall, 1995. |
| [KS98] | T. Kwon & J. Song, Efficient and secure password-based authentication protocols against guessing attacks, Computer Communications, Vol. 21, No. 9, pp. 853-861, July 1998. |
| [KS99] | T. Kwon & J. Song, Secure Agreement Scheme for g^xy via Password Authentication, Electronics Letters, vol. 35, no. 11, pp. 892-893, 27 May 1999. |
| [KS00] | T. Kwon & J. Song, A Study on the Generalized Key Agreement and Password Authentication Protocol, IEICE Transactions on Communications, vol. E83-B, no. 9, pp. 2044-2050, September 2000. |
| [Kw00] | T. Kwon & J. Song, Authentication and Key Agreement via Memorable Password, Cryptology ePrint Archive: Report 2000/026, also submitted to IEEE P1363. Downloadable from http://eprint.iacr.org/2000/026/. |
| [Kw01] | T. Kwon, Authentication and Key Agreement via Memorable Passwords, NDSS 2001 Symposium Conference Proceedings, February 7-9, 2001. |
| [Luc97] | S. Lucks, Open Key Exchange: How to Defeat Dictionary Attacks Without Encrypting Public Keys, The Security Protocol Workshop '97, Ecole Normale Superieure, April 7-9, 1997. |
| [MacK01a] | P. MacKenzie, More Efficient Password-Authenticated Key Exchange, LNCS 2020: Topics in Cryptology -- CT-RSA 2001, April 8-12, 2001 Proceedings, pp. 361-377, 2001, Springer-Verlag. |
| [MacK01b] | P. MacKenzie, On the Security of the SPEKE Password-Authenticated Key Exchange Protocol, Cryptology ePrint Archive: Report 2001/057. Downloadable from http://eprint.iacr.org/2001/057/. |
| [McC90] | K. McCurley, The Discrete Logarithm Problem, Cryptology and Computational Number Theory, Proceedings of Symposia in Applied Mathematics, vol. 42, 1990, pp. 49-74. |
| [MOV96] | A. Menezes, P. van Oorschot, S. Vanstone, Handbook of Applied Cryptography, CRC Press, 1996. |
| [MPS00] | P. MacKenzie, S. Patel & R. Swaminathan, Password-Authenticated Key Exchange based on RSA, Accepted to ASIACRYPT 2000. (see [MS99]) |
| [MS99] | P. MacKenzie & R. Swaminathan, Secure Network Authentication with Password Identification, Presented to IEEE P1363a, August, 1999. (MacKenzie's bibliography) (see [MPS00]) |
| [NIST94] | National Institute of Standards and Technology, Digital Signature Standard, NIST FIPS PUB 186, U.S. Department of Commerce, May 1994. |
| [Pat97] | S. Patel, Number Theoretic Attacks On Secure Password Schemes, 1997 IEEE Symposium on Security and Privacy, Oakland, California, May 5-7, 1997. |
| [PH78] | Pohlig & Hellman, An Improved Algorithm for Computing Logarithms over GF(p) and its Cryptographic Significance, I.E.E.E. Transactions on Information Theory, pp. 106-110, January 1978. |
| [PK00] | R. Perlman & C. Kaufman, Strong Password-Based Authentication Using Pseudorandom Moduli, IETF draft-perlman-strong-pass-00.txt June 26, 2000. (draft expired. see also [FPKR01]) |
| [PK01a] | R. Perlman & C. Kaufman, Analysis of the IPsec Key Exchange Standard, Proceedings of the IEEE 10th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, MIT, Cambridge, MA, June 20-22, 2001. (see also [PK01b]) |
| [PK01b] | R. Perlman & C. Kaufman, Code-preserving Simplifications and Improvements to IKE, IETF draft-ietf-ipsec-improveike-00.txt (work in progress) July 9, 2001. (see also [PK01a]) |
| [PK99] | R. Perlman & C. Kaufman, Secure Password-Based Protocol for Downloading a Private Key, Proceedings of the 1999 Network and Distributed System Security, February 3-5, 1999. |
| [PM99] | N. Provos & D. Mazieres, A Future-Adaptable Password Scheme, 1999 USENIX Annual Technical Conference, June 6-11, 1999. |
| [RCW98] | M. Roe, B. Christianson, D. Wheeler, Secure Sessions from Weak Secrets, Technical report from University of Cambridge and University of Hertfordshire, 1998. Submitted to Operating Systems Review. |
| [Sch96] | B. Schneier, Applied Cryptography, Second Edition, John Wiley & Sons, 1996. |
| [STW95] | M. Steiner, G. Tsudik, & M. Waidner, Refinement and Extension of Encrypted Key Exchange, Operating Systems Review, vol. 29, Iss. 3, pp. 22-30 (July 1995). |
| [Tay01] | D. Taylor, Using SRP for TLS Authentication, IETF draft-ietf-tls-srp-01.txt (work in progress) June 29, 2001. |
| [TA91] | J. Tardo & K. Alagappan, SPX: Global authentication using public key certificates, Proceedings of I.E.E.E. Computer Society Symposium on Research in Security and Privacy, Oakland, pp. 232-244, May 1991. |
| [vOW96] | P. C. van Oorschot, M. J. Wiener, On Diffie-Hellman Key Agreement with Short Exponents, Proceedings of Eurocrypt 96, Springer-Verlag, May 1996. |
| [Wu98] | T. Wu, The Secure Remote Password Protocol, Proceedings of the 1998 Internet Society Network and Distributed System Security Symposium, San Diego, March 1998, pp. 97-111. |
| [Wu99] | T. Wu, A Real-World Analysis of Kerberos Password Security, Proceedings of the 1999 Network and Distributed System Security Symposium, February 3-5, 1999. |
| [YSH01] | Her-Tyan Yeh, Hung-Min Sun, & Tzonelih Hwang, Security Analysis of the Generalized Key Agreement and Password Authentication Protocol, To appear in IEEE Communications Letters, 2001. |