Results 1 -
1 of
1
Secure Password-Based Cipher Suite for TLS
- PROCEEDINGS OF NETWORK AND DISTRIBUTED SYSTEMS SECURITY SYMPOSIUM
, 2001
"... SSL is the de-facto standard today for securing end-to-end transport on the Internet. While the protocol itself seems rather secure, there are a number of risks that lurk in its use, e.g., in web banking. However, the adoption of password-based key-exchange protocols can overcome some of
these probl ..."
Abstract
-
Cited by 24 (1 self)
- Add to MetaCart
SSL is the de-facto standard today for securing end-to-end transport on the Internet. While the protocol itself seems rather secure, there are a number of risks that lurk in its use, e.g., in web banking. However, the adoption of password-based key-exchange protocols can overcome some of
these problems. We propose the integration of such a protocol (DH-EKE) in the TLS protocol, the standardization of SSL by IETF. The resulting protocol provides secure mutual authentication and key establishment over an insecure channel. It does not have to resort to a PKI or keys and certicates stored on the users computer. Additionally, its integration in TLS is as minimal and
non-intrusive as possible.
