Die Dozenten der Informatik-Institute der Technischen Universität Braunschweig laden im Rahmen des Informatik-Kolloquiums zu folgendem Vortrag ein.

Prof. Dr.-Ing. Mark Manulis, Technische Universität Darmstadt, Cryptographic Protocols Group / University of Surrey, Department of Computing: Cryptographic Password Authentication with TLS Channel Bindings

Beginn: 09.02.2015, 11:00 Uhr Ort: TU Braunschweig, Informatikzentrum, Mühlenpfordtstraße 23, 1. OG, Hörsaal M 160 Webseite: http://www.ibr.cs.tu-bs.de/cal/kolloq/2015-02-09-manulis.html Kontakt: Prof. Dr. Rüdiger Kapitza

Cryptographic password authentication protocols have failed to see wide-spread adoption on the Internet despite of a rich variety of existing protocols. This is due to the fact that most proposals require extensive modifications to the Transport Layer Security (TLS) protocol, which is challenging to realize. In this talk I will present two modular constructions where a cryptographically secure password authentication protocol is run inside a confidential (but not necessarily authenticated) channel such as TLS and is securely linked to this channel to prevent application-layer man-in-the-middle attacks. The proposed approach does not require any modifications to the TLS standard and can be realized on modern desktop and mobile browsers. It relies on two channel binding mechanisms for TLS from RFC 5929 those security is analyzed in the proposed general model for Password-Authenticated and Confidential Channel Establishment (PACCE), a password-based variant of the ACCE model which has been widely used to analyze TLS security. Notably, our results can be generalized and applied to integrate cryptographic password authentication into other communication channels beyond those established through TLS.