Use this URL to cite or link to this record in EThOS:
Title: Advancements in password-based cryptography
Author: Kiefer, Franziskus
ISNI:       0000 0004 5918 7965
Awarding Body: University of Surrey
Current Institution: University of Surrey
Date of Award: 2016
Availability of Full Text:
Access from EThOS:
Access from Institution:
Password-based authentication is the most popular authentication mechanism for humans today, not only on the internet. Despite increasing efforts to move to supposedly more secure alternatives, password-based authentication is most likely to stay for the foreseeable future due to its user experience and convenience. However, although secure cryptographic protocols for password-based authentication and key-exchange exist, they are hardly used in practice. While previous work on password-based cryptography including secure password-based key-exchange, authentication, and secret sharing protocols, this thesis sets out to bring cryptographic password-based protocols closer to real world deployment as well as improving their security guarantees. To this end we propose frameworks for password-based authentication and key-exchange in the verifier-based and two-server setting as a step towards deploying cryptographically secure password-based protocols. These frameworks do not only include the authentication/key-exchange step, which has been researched before, but also investigate registration of prospective client passwords, which has not been considered before. In particular, the first step of each proposed framework is the secure registration of passwords with limited trust assumptions on server and client that requires the server to enforce a password policy for minimum security of client passwords and enables the client to compute the password verifier or password shares on the client side. While this first essential step for password-based authentication and key-exchange has hardly been explored before, the second step, the actual authentication and key-exchange protocol enjoys a large body of research in the plain single-server setting. In this thesis however we focus on the less well studied verifier-based and two-server settings where we propose new protocols for both settings and the first security model for two-server protocols in the UC framework. The theoretical work is underpinned by implementations of the password registration phase that allows the comparison of not only security but also performance of the proposed protocols. To further facilitate adoption and demonstrate usability we show real world usage of the verifier-based framework by implementing a demo application and Firefox extension that allows the use of the proposed framework for account registration and authentication.
Supervisor: Manulis, Mark Sponsor: DFG
Qualification Name: Thesis (Ph.D.) Qualification Level: Doctoral
EThOS ID:  DOI: Not available