Authentication: Password-based Protocols And Applications

Password is widely used as an authentication mechanism. But nowadays mostpassword-based authefltication protocol are not secure against Guessing Attack. Forthis reason, we modify the famous Diffie-Hellman Key Exchange to providepassword-based authenticated key exchange against Guessing Attack.We design two protocol: SymPassword and AsyPassword. They suit forsymmetric user-user authenhcation and asymmetric client/server authentication,respectively. The AsyPassword protocol can provide some security against servercomprmise, but is more complex than SymPassword.On the Random Oracle Model which focuses on distribued securitycommunication, we prove tha SymPassword and AsyPassword are both securepassword-based authereicated key exchange protocol.At last, we modify the IKE protocol to add tWo authentication methods whichare based on SymPassword and AsyPassword respectively, and modify TLS protocolto add an anthentication method which is based on AsyPassword.