University of Surrey

Test tubes in the lab Research in the ATI Dance Research

Advancements in password-based cryptography.

Kiefer, Franziskus (2016) Advancements in password-based cryptography. Doctoral thesis, University of Surrey.

thesis.pdf - Version of Record
Available under License Creative Commons Attribution Non-commercial Share Alike.

Download (1MB) | Preview
Available under License Creative Commons Attribution Non-commercial Share Alike.

Download (165kB) | Preview


Password-based authentication is the most popular authentication mechanism for humans today, not only on the internet. Despite increasing efforts to move to supposedly more secure alternatives, password-based authentication is most likely to stay for the foreseeable future due to its user experience and convenience. However, although secure cryptographic protocols for password-based authentication and key-exchange exist, they are hardly used in practice. While previous work on password-based cryptography including secure password-based key-exchange, authentication, and secret sharing protocols, this thesis sets out to bring cryptographic password-based protocols closer to real world deployment as well as improving their security guarantees. To this end we propose frameworks for password-based authentication and key-exchange in the verifier-based and two-server setting as a step towards deploying cryptographically secure password-based protocols. These frameworks do not only include the authentication/key-exchange step, which has been researched before, but also investigate registration of prospective client passwords, which has not been considered before. In particular, the first step of each proposed framework is the secure registration of passwords with limited trust assumptions on server and client that requires the server to enforce a password policy for minimum security of client passwords and enables the client to compute the password verifier or password shares on the client side. While this first essential step for password-based authentication and key-exchange has hardly been explored before, the second step, the actual authentication and key-exchange protocol enjoys a large body of research in the plain single-server setting. In this thesis however we focus on the less well studied verifier-based and two-server settings where we propose new protocols for both settings and the first security model for two-server protocols in the UC framework. The theoretical work is underpinned by implementations of the password registration phase that allows the comparison of not only security but also performance of the proposed protocols. To further facilitate adoption and demonstrate usability we show real world usage of the verifier-based framework by implementing a demo application and Firefox extension that allows the use of the proposed framework for account registration and authentication.

Item Type: Thesis (Doctoral)
Subjects : Applied Cryptography
Divisions : Theses
Authors :
Date : 29 February 2016
Funders : DFG
Contributors :
ContributionNameEmailORCID, Mark
Depositing User : Franziskus Kiefer
Date Deposited : 01 Mar 2016 10:02
Last Modified : 31 Oct 2017 18:02

Actions (login required)

View Item View Item


Downloads per month over past year

Information about this web site

© The University of Surrey, Guildford, Surrey, GU2 7XH, United Kingdom.
+44 (0)1483 300800