Title: Strong password-based authentication in TLS using the three-party group Diffie–Hellman protocol

Authors: Michel Abdalla, Emmanuel Bresson, Olivier Chevassut, Bodo Moller, David Pointcheval

Addresses: Ecole normale superieure – CNRS, LIENS, Paris, France. ' Department of Cryptology, CELAR Technology Center, Bruz, France. ' Lawrence Berkeley National Laboratory, Berkeley, CA, USA. ' Horst Gortz Institute for IT Security, Ruhr-Universitat Bochum, Bochum, Germany. ' Ecole normale superieure – CNRS, LIENS, Paris, France

Abstract: The internet has evolved into a very hostile ecosystem where |phishing| attacks are common practice. This paper shows that the three-party group Diffie-Hellman key exchange can help protect against these attacks. We have developed password-based ciphersuites for the Transport Layer Security (TLS) protocol that are not only provably secure but also believed to be free from patent and licensing restrictions based on an analysis of relevant patents in the area.

Keywords: password authentication; group Diffie–Hellman key exchange; transport layer security; TLS; phishing attacks; cryptography; networks.

DOI: 10.1504/IJSN.2007.013181

International Journal of Security and Networks, 2007 Vol.2 No.3/4, pp.284 - 296

Published online: 11 Apr 2007 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article