Skip to main content
eScholarship
Open Access Publications from the University of California

Secure password-based authenticated key exchange for web services

  • Author(s): Liang, Fang
  • Meder, Samuel
  • Chevassut, Olivier
  • Siebenlist, Frank
  • et al.
Abstract

This paper discusses an implementation of an authenticated key-exchange method rendered on message primitives defined in the WS-Trust and WS-SecureConversation specifications. This IEEE-specified cryptographic method (AuthA) is proven-secure for password-based authentication and key exchange, while the WS-Trust and WS-Secure Conversation are emerging Web Services Security specifications that extend the WS-Security specification. A prototype of the presented protocol is integrated in the WSRF-compliant Globus Toolkit V4. Further hardening of the implementation is expected to result in a version that will be shipped with future Globus Toolkit releases. This could help to address the current unavailability of decent shared-secret-based authentication options in the Web Services and Grid world. Future work will be to integrate One-Time-Password (OTP) features in the authentication protocol.

Main Content
Current View