Summary

ITU-T Recommendation X.1035 specifies a protocol, which ensures mutual authentication of both parties in the act of establishing a symmetric cryptographic key via Diffie-Hellmanexchange. The use of Diffie-Hellmanexchange ensures the perfect forward secrecy – a property of a key establishment protocol that guarantees that compromise of a session key or long-term private key after a given session does not cause the compromise of any earlier session. With the proposed authentication method, the exchange is protected from the man-in-the-middle attack. The authentication relies on a pre-shared secret (e.g., password), which is protected (i.e., remains unrevealed) to an eavesdropper preventing an off-line dictionary attack. Thus, the protocol can be used in a wide variety of applications where pre-shared secrets based on the possibly weak password exist.