Encrypted key exchange
Encyclopedia
Encrypted Key Exchange is a family of password-authenticated key agreement
methods described by Steven M. Bellovin
and Michael Merritt. Although several of the forms of EKE in this paper were later found to be flawed, the surviving, refined, and enhanced forms of EKE effectively make this the first method to amplify a shared password
into a shared key, where the shared key may subsequently be used to provide a zero-knowledge password proof
or other functions.
In the most general form of EKE, at least one party encrypts an ephemeral (one-time) public key using a password, and sends it to a second party, who decrypts it and uses it to negotiate a shared key with the first party.
A second paper describes Augmented-EKE, and introduced the concept of augmented password-authenticated key agreement
for client/server scenarios. Augmented methods have the added goal of ensuring that password verification data stolen from a server cannot be used by an attacker to masquerade as the client, unless the attacker first determines the password (e.g. by performing a brute force attack on the stolen data).
A version of EKE based on Diffie-Hellman
, known as DH-EKE, has survived attack and has led to improved variations, such as the PAK family of methods in IEEE P1363.2
.
With the US patent on EKE expiring in late 2011, an EAP
authentication method using EKE was published as an IETF RFC. The EAP method uses the Diffie-Hellman variant of EKE.
Password-authenticated key agreement
In cryptography, a password-authenticated key agreement method is an interactive method for two or more parties to establish cryptographic keys based on one or more party's knowledge of a password.-Types:...
methods described by Steven M. Bellovin
Steven M. Bellovin
Steven M. Bellovin is a researcher on computer networking and security. He is currently a Professor in the Computer Science department at Columbia University, having previously been a Fellow at AT&T Labs Research in Florham Park, New Jersey.- Career :...
and Michael Merritt. Although several of the forms of EKE in this paper were later found to be flawed, the surviving, refined, and enhanced forms of EKE effectively make this the first method to amplify a shared password
Password
A password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource . The password should be kept secret from those not allowed access....
into a shared key, where the shared key may subsequently be used to provide a zero-knowledge password proof
Zero-knowledge password proof
In cryptography, a zero-knowledge password proof is an interactive method for one party to prove to another party that it knows a value of a password, without revealing anything other than the fact that it knows that password to the verifier...
or other functions.
In the most general form of EKE, at least one party encrypts an ephemeral (one-time) public key using a password, and sends it to a second party, who decrypts it and uses it to negotiate a shared key with the first party.
A second paper describes Augmented-EKE, and introduced the concept of augmented password-authenticated key agreement
Password-authenticated key agreement
In cryptography, a password-authenticated key agreement method is an interactive method for two or more parties to establish cryptographic keys based on one or more party's knowledge of a password.-Types:...
for client/server scenarios. Augmented methods have the added goal of ensuring that password verification data stolen from a server cannot be used by an attacker to masquerade as the client, unless the attacker first determines the password (e.g. by performing a brute force attack on the stolen data).
A version of EKE based on Diffie-Hellman
Diffie-Hellman key exchange
Diffie–Hellman key exchange Synonyms of Diffie–Hellman key exchange include:*Diffie–Hellman key agreement*Diffie–Hellman key establishment*Diffie–Hellman key negotiation...
, known as DH-EKE, has survived attack and has led to improved variations, such as the PAK family of methods in IEEE P1363.2
IEEE P1363
IEEE P1363 is an Institute of Electrical and Electronics Engineers standardization project for public-key cryptography. It includes specifications for:* Traditional public-key cryptography...
.
With the US patent on EKE expiring in late 2011, an EAP
Extensible Authentication Protocol
Extensible Authentication Protocol, or EAP, is an authentication framework frequently used in wireless networks and Point-to-Point connections. It is defined in RFC 3748, which made RFC 2284 obsolete, and was updated by RFC 5247....
authentication method using EKE was published as an IETF RFC. The EAP method uses the Diffie-Hellman variant of EKE.