Is it too late for PAKE?

Citation

Engler, J.; Karlof, C.; Shi, E.; Song, D. PAKE-based web authentication: the good, the bad and the hurdles. IEEE Web 2.0 Security and Privacy Workshop; 2009 May 21; Oakland, CA.

Abstract

Password Authenticated Key Exchange (PAKE) is a class of cryptographic protocols that allow two parties sharing a password to authenticate each other without explicitly revealing the password in the process. PAKE protocols offer a potential improvement over current web authentication practices, e.g., HTML form-based password authentication, but there has been little progress towards integrating PAKE into web browsers and servers. In this paper, we report the results of a systematic investigation of various practical issues and challenges in deploying PAKE for web authentication. We examine three categories of issues: 1) security issues related to UI design; 2) security issues related to the browser's same-origin policy; and 3) potential hurdles to deployment. We propose potential solutions for some problems and identify areas for future work.

