Presentations and Documents for the December 2007 Working Group Meeting


General

IEEE Patent Policy slide set

P1363

Outstanding items from last meeting:

P1363.1


P1363.2

Scope and Purpose from PAR

Scope

Specifications of common public-key cryptographic techniques for performing password-based authentication and key exchange, supplemental to the techniques considered in IEEE P1363 and IEEE P1363a. Specifications of primitives, schemes, and protocols designed to safely utilize passwords and other low-grade secrets as a basis for securing electronic transactions. Class of computer and communications systems is not restricted.

Purpose

Ensuring privacy and authenticity in personal electronic transactions is a process that necessarily involves human beings. Memorized secrets are an important factor in human authentication. Many common cryptographic methods for authentication require large, random high-grade secret keys, yet, the secrets that human beings can conveniently memorize and reliably reproduce tend to be low-grade secrets. Passwords are widely used low-grade secrets that are typically not-so-random and relatively small, and introduce risks of brute-force attack when inappropriately used as cryptographic keys.

P1363.2 will specify public-key cryptographic techniques specifically designed to securely perform password-based authentication and key exchange. These techniques provide a way to authenticate people and distribute high-quality cryptographic keys for people, while preventing off-line brute-force attacks associated with passwords. A resulting high quality key may be more confidently used in combination with other cryptographic methods, such as symmetric encryption methods and public-key encryption, identification, and digital signature methods. P1363.2 will provide a reference for a variety of such password- based techniques within a suitable framework.

It is not the purpose of this project to mandate any particular set of password-based techniques or security requirements (including key sizes). Rather, the purpose is to provide: (1) a reference for specification of a variety of techniques from which applications may select, (2) the appropriate theoretic background, and (3) extensive discussion of security and implementation considerations so that a solution provider can choose appropriate security requirements.

Scope and Purpose from balloted standard

Scope

This standard covers specifications of common public-key cryptographic techniques for performing password-based authentication and key establishment, supplemental to the techniques described in IEEE Std 1363-2000 and IEEE Std 1363a-2004. It includes specifications of primitives and schemes designed to safely utilize passwords and other low-grade secrets as a basis for securing electronic transactions, including schemes for password-authenticated key agreement and password-authenticated key retrieval.

Purpose

Ensuring privacy and authenticity in personal electronic transactions is a process that necessarily involves human beings. Memorized secrets are an important factor in human authentication. Many common cryptographic methods for authentication require large, random high-grade secret keys; yet, the secrets that human beings can conveniently memorize and reliably reproduce tend to be low-grade secrets. Passwords are widely used low-grade secrets that are typically not-so-random and relatively small, and introduce risks of brute-force attack when inappropriately used as cryptographic keys.

P1363.2 specifies public-key cryptographic techniques specifically designed to securely safely perform password-based authentication and key establishment. These techniques provide a way to authenticate people and distribute high-quality cryptographic keys for people, while preventing off-line brute-force attacks associated with passwords. A resulting high quality key may be more confidently used in combination with other cryptographic methods, such as symmetric encryption methods and public-key encryption, identification, and digital signature methods. P1363.2 provides a reference for a variety of such password-based techniques within a suitable framework.

It is not the purpose of this document to mandate any particular set of password-based techniques or security requirements (including key sizes). Rather, the purpose is to provide: (1) a reference for specification of a variety of techniques from which applications may select, (2) the appropriate theoretic background, and (3) extensive discussion of security and implementation considerations so that a solution provider can choose appropriate security requirements.


P1363.3

New documents:
Outstanding items from last meeting:
IEEE Logo IEEE Standards Logo IEEE P1363 Logo
IEEE Home Page IEEE Standards IEEE P1363