Results 11 - 20 of 21
Proofs of Security for Password-Based Key Exchange, 2002
Cited by 1 (0 self)
Password-based key exchange schemes are designed to provide entities communicating over a public network, and sharing a (short) password only, with a session key (e.g., the key is used for data integrity and/or confidentiality). The focus of the present paper is on the analysis of schemes that have been adopted by the IEEE P1363 Standard working group on password-based authenticated key-exchange methods. We analyze the AuthA key exchange scheme and give the first complete proof of its security. Our analysis shows that the AuthA protocol and its multiple modes of operation are provably secure under the computational Diffie-Hellman intractability assumption. Our result also suggests a new mode allowing AuthA to run on low-power computing devices such as smart-cards or pocket PCs.
Compartmented Security for Browsers, 2007
Cited by 1 (1 self)
Identity theft through phishing attacks has become a major concern for Internet users. Typically, phishing attacks aim at luring the user to a faked web site to disclose personal information. Various solutions have been proposed against this kind of attack. However, these solutions can hardly counter the new generation of sophisticated malware phishing attacks, e.g., pharming trojans, designed to target certain services. This paper aims at making the first steps towards the design and implementation of an open source and interoperable security architecture that prevents both classical and malware phishing attacks. Our approach is based on the ideas of compartmentalization for separating application domains of different trust levels, and a trusted wallet for storing credentials and authenticating sensitive services. Once the wallet has been set up in an initial step, our solution requires no special care from users for identifying the right web sites, while the disclosure of credentials is strictly controlled. Moreover, a prototype of the basic platform exists and we briefly describe its implementation.
Prompted User Retrieval of Secret Entropy: The Passmaze Protocol, 2005
Cited by 1 (0 self)
A prompting protocol permits users to securely retrieve secrets with greater entropy than passwords. The retrieved user secrets can have enough entropy to be used to derive cryptographic keys.
<input type="password"> must die!
<input type="password"> must die! We propose that the HTML password input widget is harmful to user security, as it draws attention away from relevant security indicators, exposes a password's keystrokes to hidden client-side code, and generally conditions users to supply sensitive information in insensitive places. In this paper we advocate private password entry: a mandatory, common authentication user experience that allows the user to enter a password for any site in private, free from snooping JavaScript. We describe a UI design for private password entry called the password booth that is backward-compatible with HTML login forms on most existing websites. It can be used to provide timely and relevant security indicators, as well as potentially unify and enhance other advances in authentication on the web. We hope that the password booth approach will, like a voting booth or a bank-card PIN pad, become a security feature that users come to expect for their own peace of mind.
Proposal for P1363 Study Group on Password-Based Authenticated-Key-Exchange Methods
We suggest standardizing methods for password-based authenticated key exchange. The scope of this effort is focused on methods where the client uses only a password; no supplementary keys or certificates are required. We believe this to be an important problem for cryptographic practice, and judge the area to be about ready for a standard. The scope of this effort may include methods with different forms and trust models, with varying degrees of functionality. The standard will be written in a manner that describes the security goals for these methods, and presents the essential structure of these methods with respect to these goals. The standard should specify requirements for underlying primitive operations used by these methods to facilitate the use of replaceable or upgradable components where necessary and practical.
BACKGROUND OF PASSWORD-BASED AKE
Consider the scenario in which there are two entities -- a client and a server -- where the client holds a password and the server ...
On the Security of Internet Banking in South Korea
South Korean Internet banking systems have a unique way of enforcing security controls. Users are obliged to install proprietary security software – typically an ActiveX plugin that implements a bundle of protection mechanisms in the user's browser. The banks and their software suppliers claim that this provides trustworthy user platforms. One side-effect is that almost everyone in Korea uses IE rather than other browsers. We conducted a survey of bank customers who use both Korean and other banking services, and found that the Korean banks' proprietary mechanisms impose significant usability penalties. Usability here is strongly correlated with compatibility: Korean users have become stuck in an isolated backwater, and have not benefited from all the advances in mainstream browser and security technology. The proprietary mechanisms fail to provide a trustworthy platform; what's more, alternative strategies based on trustworthy computing techniques are quite likely to suffer from the same usability problems. We conclude that transaction authentication may be the least bad of the available options.
On the Theory and Practice of Personal Digital Signatures
We take a step towards a more realistic modeling of personal digital signatures, where a human user, his mobile equipment, his PC and a server are all considered as independent players in the protocol, and where only the human user is assumed incorruptible. We then propose a protocol for issuing digital signatures on behalf of the user. This protocol is proactively UC-secure assuming at most one player is corrupted in every operational phase. In more practical terms, this means that one can securely sign using terminals (PCs) that are not necessarily trusted, as long as the mobile unit and the PC are not both corrupted at the same time. In other words, our solution cannot be broken by phishing or key-logging via the PC. The protocol allows for mobile units with very small computing power by securely outsourcing computation to the PC and also allows usage of any PC that can communicate properly. Finally, we report on the results of a prototype implementation of our solution.
SSL/TLS Session-Aware User Authentication: A Lightweight Alternative to Client-Side Certificates, IEEE Computer, 2008
Many SSL/TLS-based e-commerce applications employ traditional authentication mechanisms on the client side. These mechanisms — if decoupled from SSL/TLS session establishment — are vulnerable to man-in-the-middle attacks. In this article, we examine the feasibility of such attacks, survey countermeasures, and explain the rationale behind SSL/TLS session-aware user authentication as a lightweight and privacy-enhancing alternative to the deployment and use of public key certificates on the client side. We also present different possibilities for making deployed user authentication mechanisms SSL/TLS session aware.
User-friendly and certificate-free grid security infrastructure, 2011
Certificate-based public key infrastructures are currently widely used in computational grids to support security services. From a user's perspective, however, certificate acquisition is time-consuming and public/private key management is non-trivial. In this paper, we propose a security infrastructure for grid applications, in which users are authenticated using passwords. Our infrastructure allows a user to perform single sign-on based only on a password, without requiring a public key infrastructure. Moreover, hosting servers in our infrastructure are not required to have public key certificates. Nevertheless, our infrastructure supports essential grid security services, such as mutual authentication and delegation, using public key cryptographic techniques without incurring significant additional overheads in comparison with existing approaches.