[Brown CS Talks] Brown CS Seminar: Jonathan Katz in Lubrano on 3/11/02 at noon.
talks-admin@list.cs.brown.edu
Tue, 26 Feb 2002 14:15:17 -0500
CS Seminar
The Department of Computer Science
BROWN UNIVERSITY
presents
Jonathan Katz
Columbia University
Monday, March 11, 2002 at noon
Lubrano Conference Room (CIT 4th floor)
Refreshments will be served at 11:45 am
``Efficient and Secure Authentication Using Short Passwords''

Abstract
A long-standing goal of computer security has been to design protocols
for user authentication and authenticated key exchange which are
secure even when users choose ``weak'' (i.e., low-entropy) passwords as
is typically the case. Commonly-used protocols are secure when users
choose long, hard-to-remember secrets, but are completely vulnerable
to off-line dictionary attacks when short, easily-memorized passwords
are used.

We propose the first efficient protocols for password-only
authentication and authenticated key exchange which are provably
secure against off-line dictionary attacks. Proofs of security rely on
standard cryptographic assumptions, and the protocols require only
slightly more computation than the original key exchange protocol of
Diffie and Hellman (which provides no authentication at all).

We also discuss more recent work on password-based authentication and
authenticated key exchange in the setting where a secure PKI is
available. We demonstrate the first efficient protocols for these
tasks whose security may be based on, for example, the RSA assumption
or the hardness of factoring.

Host: Professor Steve Reiss