1 / 8

IEEE P1363.2 - AMP

IEEE P1363.2 - AMP. March 25, 2004. History 1/3. May 2000 [Kw00] First proposal to IEEE P1363 February 2001 [Kw01] Presented at NDSS ’01, San Diego, CA July 2001 (personal communications) Q: Two-for-one guessing (by M. Scott) A: Possible prevention is AMP+ [Kw01]. History 2/3.

dom
Download Presentation

IEEE P1363.2 - AMP

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. IEEE P1363.2 - AMP March 25, 2004

  2. History 1/3 • May 2000 [Kw00] • First proposal to IEEE P1363 • February 2001 [Kw01] • Presented at NDSS ’01, San Diego, CA • July 2001 (personal communications) • Q: Two-for-one guessing (by M. Scott) • A: Possible prevention is AMP+ [Kw01]

  3. History 2/3 • October 2002 [Kw02] • First update • Slight efficiency improvement requiring a safe or secure prime • Security augmentation against two-for-one, aside from AMP+ • June 2003 [Kw03a] • Second update (the current version of AMP in the main document) • Reconsidering small orders (in validity check) due to January 2003 discussion of the meeting group • Proposal for including AMP+

  4. History 3/3 • August 2003 [Kw03b] • Proposal for TP-AMP (PAK + AMP in the augmented model) • Classifying AMP • Many-to-many guessing attack to general three-pass protocols • November 2003 [Kw03c] • Slight modification of AMP and TP-AMP • November 2003 [ISO03] • Inclusion to ISO/IEC JTC 1/SC 27 3rd WD 11770-4 • Mechanism 3 in 11770-4

  5. Advantages • Efficient in the augmented model • In the client side [Kw01,Kw03b] • Flexible with several variants in DL/EC groups • No Patent Restriction • As for TP-AMP (3-pass) • Efficient bilateral commitment scheme in the augmented model • While AMP (4-pass) and PAKZ (3-pass) are unilateral, respectively

  6. Fix • The current version of AMP and AMP+ are secure against two-for-one guessing • Please update the comparison table • Fix p as a safe or secure prime for easier validity check

  7. Discussions • Proposed techniques for AMP • Current drafted AMP (also included in [ISO03]) • TP-AMP (bilateral due to PAK + AMP) • Many-to-many guessing attack

  8. Reference • [Kw00] Ultimate Solution to Authentication via Memorable Password, May 2000 http://grouper.ieee.org/groups/1363/passwdPK/contributions.html#amp • [Kw01] Authentication and key agreement via Memorable Password, NDSS’01, San Diego, CA, February 2001 http://www.isoc.org/isoc/conferences/ndss/01/2001/papers/kwon.pdf • [Kw02] Authentication via Memorable Passwords - Revised Submission to IEEE P1363.2, October 2002 http://grouper.ieee.org/groups/1363/private/AMP-update-021031.doc • [Kw03a] Authentication via Memorable Passwords - Revised Submission to IEEE P1363.2, June 2003 http://grouper.ieee.org/groups/1363/private/AMP-update-030614.doc • [Kw03b] Summary of AMP, August 2003 http://grouper.ieee.org/groups/1363/private/AMP-update-030614.doc • [Kw03c] Addendum to Summary of AMP, November 2003 http://grouper.ieee.org/groups/1363/passwdPK/contributions/ampsummary2.pdf • [ISO03] ISO/IEC JTC 1/SC 27 3rd WD 11770-4, Information technology – Security techniques – Key management – Part 4: Mechanisms based on weak secrets, November 2003

More Related