Technische Universität Braunschweig
Institute für Informatik
Einladung zum
Informatik-Kolloquium
Cryptographic Password Authentication with TLS Channel Bindings
| Redner Info | Technische Universität Darmstadt, Cryptographic Protocols Group / University of Surrey, Department of Computing |
| Beginn | 09.02.2015, 11:00 Uhr |
| Ort | TU Braunschweig, Informatikzentrum, Mühlenpfordtstraße 23, 1. OG, Hörsaal M 160 |
| Eingeladen durch | Prof. Dr. Rüdiger Kapitza |
| Cryptographic password authentication protocols have failed to see wide-spread adoption on the Internet despite of a rich variety of existing protocols. This is due to the fact that most proposals require extensive modifications to the Transport Layer Security (TLS) protocol, which is challenging to realize. In this talk I will present two modular constructions where a cryptographically secure password authentication protocol is run inside a confidential (but not necessarily authenticated) channel such as TLS and is securely linked to this channel to prevent application-layer man-in-the-middle attacks. The proposed approach does not require any modifications to the TLS standard and can be realized on modern desktop and mobile browsers. It relies on two channel binding mechanisms for TLS from RFC 5929 those security is analyzed in the proposed general model for Password-Authenticated and Confidential Channel Establishment (PACCE), a password-based variant of the ACCE model which has been widely used to analyze TLS security. Notably, our results can be generalized and applied to integrate cryptographic password authentication into other communication channels beyond those established through TLS. |
Die Dozenten der Informatik
