Provably Secure Password-Based Authentication in TLS

M. Abdalla, E. Bresson, O. Chevassut, Bodo Möller, D. Pointcheval

2006 ACM Symposium on Information, Computer and Communications Security (ASIACCS'06),Taipei, Taiwan, März 21-24, 2006.


In this paper, we show how to design an e?cient, provably secure password-based authenticated key exchange mechanism speci?cally for the TLS (Transport Layer Security) protocol. The goal is to provide a technique that allows users to employ (short) passwords to securely identify themselves to servers. As our main contribution, we describe a new password-based technique for user authentication in TLS, called Simple Open Key Exchange (SOKE). Loosely speaking, the SOKE ciphersuites are unauthenticated Di?eHellman ciphersuites in which the client’s Di?e-Hellman ephemeral public value is encrypted using a simple mask generation function. The mask is simply a constant value raised to the power of (a hash of) the password.