HPAKE HONEY PASSWORD AUTHENTICATED KEY EXCHANGE FOR FAST AND SAFER ONLINE AUTHENTICATION
Keywords:
Abstract
Password-only authentication is one of the most popular security mechanisms for real-world online
applications. But it easily suffers from a practical threat: password leakage, caused by both external and
internal attackers. An external attacker may compromise the password file stored on the authentication
server, and an insider may deliberately steal the passwords or inadvertently leak them. So far,
there are two main techniques to address the leakage: augmented password-authenticated key exchange
(aPAKE) against insiders and the honeyword technique against external attackers. But neither of them can resist
both attacks. To fill the gap, we propose the notion of honey PAKE (HPAKE), which allows the
authentication server to detect password leakage and achieve security beyond the traditional bound
of aPAKE.










