Public key versus symmetric key cryptography in client–server authentication protocols.

PUBLIC key cryptography; RSA algorithm; CRYPTOGRAPHY; ELLIPTIC curve cryptography

Every month, several new protocols are popping up, comparing themselves with a few others and claiming to outperform the whole state of the art. The most popular domain of protocols is the one for authentication in a client–server architecture for which both symmetric key- and public key-based protocols are being proposed. The usage of public key-based mechanisms has several consequences, not only with respect to an increased computational and communication cost, but also with respect to increased possibilities to strengthen the protocol by making it resistant against a semi-trusted third party. On the other hand, we also recall that symmetric key-based protocols can already offer a nice set of security features. We see a trend in the current generation of papers published on public key-based client–server authentication protocols, showing that only a very limited amount of them really exploit the power that public key cryptography can offer with respect to this privacy towards a semi-trusted third party, and most of them do not even satisfy the same security features able to be also realised by a much more efficient symmetric key-based protocol. This paper serves as a warm wake-up call to all protocol designers to rethink the usage of more heavyweight constructions compared to symmetric key-based mechanisms in order to ensure that if they are used, they also fully exploit their inherent strength. [ABSTRACT FROM AUTHOR]

Copyright of International Journal of Information Security is the property of Springer Nature and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)