ABSTRACT
We revisit the venerable question of access credentials management, which concerns the techniques that we, humans with limited memory, must employ to safeguard our various access keys and tokens in a connected world. Although many existing solutions can be employed to protect a long secret using a short password, those solutions typically require certain assumptions on the distribution of the secret and/or the password, and are helpful against only a subset of the possible attackers.
After briefly reviewing a variety of approaches, we propose a user-centric comprehensive model to capture the possible threats posed by online and offline attackers, from the outside and the inside, against the security of both the plaintext and the password. We then propose a few very simple protocols, adapted from the Ford-Kaliski server-assisted password generator and the Boldyreva unique blind signature in particular, that provide the best protection against all kinds of threats, for all distributions of secrets. We also quantify the concrete security of our approach in terms of online and offline password guesses made by outsiders and insiders, in the random-oracle model.
The main contribution of this paper lies not in the technical novelty of the proposed solution, but in the identification of the problem and its model. Our results have an immediate and practical application for the real world: they show how to implement single-sign-on stateless roaming authentication for the internet, in an ad hoc, user-driven fashion that requires no change to protocols or infrastructure.
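The blind-exponentiation round trip of the Ford-Kaliski server-assisted password generator named above, used to turn a short password into a strong key that encrypts a stored credential, as an added illustration rather than the paper's own protocol or code. It assumes a toy group (the multiplicative group modulo the Mersenne prime 2^521 - 1), a constructed sample credential, and a plain hash-then-XOR pad; the pairing-based Boldyreva variant is not shown. The derived key depends on both the password and the server key k, so an outsider without k cannot test password guesses offline, while the server never sees more than a random-looking blinded value.

```python
import hashlib
import math
import secrets

# Toy group for this example (an assumption, not the paper's choice): the
# multiplicative group modulo the Mersenne prime 2^521 - 1. Its order P-1 is
# not prime, so a real deployment would use a prime-order group instead; the
# blind/unblind algebra shown here is unchanged by that choice.
P = 2**521 - 1
ORDER = P - 1

def hash_to_group(password: str) -> int:
    """Map the password to a nonzero element H(pw) of Z_P^*."""
    digest = hashlib.sha512(b"hcr-h2g|" + password.encode()).digest()
    return int.from_bytes(digest, "big") % ORDER + 1          # in 1..P-1

def blind(password: str) -> tuple:
    """Client: pick a blinding exponent r invertible mod ORDER, send u = H(pw)^r.
    u is a uniformly random power of H(pw), so the server learns nothing about pw."""
    while True:
        r = secrets.randbelow(ORDER - 2) + 2
        if math.gcd(r, ORDER) == 1:
            return r, pow(hash_to_group(password), r, P)

def server_evaluate(server_key: int, u: int) -> int:
    """Server: apply its long-term key k to whatever blinded value it was sent."""
    return pow(u, server_key, P)

def unblind(r: int, v: int) -> int:
    """Client: remove r (exponent r^-1 mod P-1), leaving the strong secret H(pw)^k."""
    return pow(v, pow(r, -1, ORDER), P)

def hardened_key(password: str, server_key: int) -> bytes:
    """One Ford-Kaliski round trip: a 256-bit key that depends on pw AND k."""
    r, u = blind(password)
    s = unblind(r, server_evaluate(server_key, u))
    return hashlib.sha256(b"hcr-kdf|" + s.to_bytes(66, "big")).digest()

def seal(key: bytes, credential: bytes) -> bytes:
    """Encrypt/decrypt the stored credential with a key-derived pad (XOR, so
    the same function inverts itself). A wrong key yields random-looking bytes."""
    pad = hashlib.shake_256(b"hcr-pad|" + key).digest(len(credential))
    return bytes(a ^ b for a, b in zip(credential, pad))

if __name__ == "__main__":
    k = secrets.randbelow(ORDER - 2) + 2                 # server's secret key
    secret = b"constructed-sample-api-token"             # the user's credential
    blob = seal(hardened_key("correct horse", k), secret)  # stored at setup
    print(seal(hardened_key("correct horse", k), blob))    # later retrieval
```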
Index Terms: Hidden credential retrieval from a reusable password