Efficient Augmented Password-Only Authentication and Key Exchange for IKEv2
RFC 6628
| Field | Value |
|---|---|
| Document type | RFC - Experimental (June 2012; No errata). Was draft-shin-augmented-pake (individual in sec area) |
| Authors | SeongHan Shin, Kazukuni Kobara |
| Last updated | 2015-10-14 |
| Stream | IETF |
| WG state | (None) |
| Document shepherd | No shepherd assigned |
| IESG state | RFC 6628 (Experimental) |
| Consensus Boilerplate | Unknown |
| Responsible AD | Sean Turner |
| IESG note | Paul Hoffman is the document shepherd (paul.hoffman@vpnc.org). |
| Send notices to | paul.hoffman@vpnc.org |

Internet Engineering Task Force (IETF)
Request for Comments: 6628
Category: Experimental
ISSN: 2070-1721
Authors: S. Shin, K. Kobara (AIST)
Date: June 2012

Efficient Augmented Password-Only Authentication and Key Exchange for IKEv2

Abstract

This document describes an efficient augmented password-only authentication and key exchange (AugPAKE) protocol where a user remembers a low-entropy password and its verifier is registered in the intended server. In general, the user password is chosen from a small set of dictionary words that allows an attacker to perform exhaustive searches (i.e., off-line dictionary attacks). The AugPAKE protocol described here is secure against passive attacks, active attacks, and off-line dictionary attacks (on the obtained messages with passive/active attacks), and also provides resistance to server compromise (in the context of augmented PAKE security). In addition, this document describes how the AugPAKE protocol is integrated into the Internet Key Exchange Protocol version 2 (IKEv2).

Status of This Memo

This document is not an Internet Standards Track specification; it is published for examination, experimental implementation, and evaluation.

This document defines an Experimental Protocol for the Internet community. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741.

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc6628.

Copyright Notice

Copyright (c) 2012 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

1. Introduction
   1.1. Keywords
2. AugPAKE Specification
   2.1. Underlying Group
   2.2. Notation
      2.2.1. Password Processing
   2.3. Protocol
      2.3.1. Initialization
      2.3.2. Actual Protocol Execution
3. Security Considerations
   3.1. General Assumptions
   3.2. Security against Passive Attacks
   3.3. Security against Active Attacks
      3.3.1. Impersonation Attacks on User U
      3.3.2. Impersonation Attacks on Server S
      3.3.3. Man-in-the-Middle Attacks
   3.4. Security against Off-line Dictionary Attacks
   3.5. Resistance to Server Compromise
4. Implementation Consideration
5. AugPAKE for IKEv2
   5.1. Integration into IKEv2
   5.2. Payload Formats
      5.2.1. Notify Payload
      5.2.2. Generic Secure Password Method Payload
6. IANA Considerations
7. References
   7.1. Normative References
   7.2. Informative References
Appendix A. Evaluation by PAKE Selection Criteria