Password-based authentication and key distribution protocols with perfect forward secrecy

Abstract

In order to provide its services in an open networking environment, a workstation often has to identify its legitimate users. One effective method is Kerberos, which uses a trusted third-party authentication server to confirm the identity of users. Unfortunately, Kerberos is vulnerable to password guessing attacks since it requires users to utilise strong cryptographic secrets for authentication, which may be inconvenient if users use weak passwords. Our main emphasis in this work is on a system that allows users to use passwords that are simple to remember. When developing a system for authentication and key distribution, it is crucial to keep in mind both password guessing attacks and perfect forward secrecy, or PFS for short. We identify seven classes of perfect forward secrecy based on the capacity to secure the client's password, the application server's secret key, and the authentication server's private key. Protocols that achieve class-1, class- 3, and class-7 are given special attention owing to their hierarchical linkages. Afterwards, in order to guarantee absolute forward secrecy for these three categories, we provide three safe methods of authentication and key distribution. All of these techniques work well to prevent guessing and replay attacks on passwords that users have picked with less than ideal care.