Password Protected Credentials
Password authentication is a widely used form of entity authentication today. In password authentication the server must keep a password file holding every user's password, and that file is a single point of failure: if the server is compromised, all passwords are disclosed at once. A common countermeasure is to deploy multiple servers and distribute the password file among them by secret sharing. In this work we propose an alternative that mitigates the problem without deploying multiple servers. The basic idea is that the server issues each user a credential for authentication, and the user protects that credential with a password. A crucial feature is that a password-protected credential does not require a secure device for storage, so any personal portable device can be used to carry it; this arguably retains the portability of passwords. We present a concrete scheme that instantiates the approach and show that it is secure against off-line guessing attacks under the DDH assumption.
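The security target named in the abstract, resistance to off-line guessing, is easy to get wrong when a credential is simply encrypted under a password-derived key: if the decrypted result has any recognisable structure, whoever steals the stored blob can test a dictionary of passwords locally with no server involvement. The following added example (written for this page; it is not the paper's DDH-based scheme, and all names, the fixed server key, the toy stream cipher and the dictionary are constructed assumptions) contrasts a naive structured token with a structureless one. In the structureless case every password guess decrypts to an equally plausible 32-byte string, so the only way to test a guess is an online query to the server, which can be rate-limited.

```python
"""Off-line guessing against a password-protected credential.
Added illustration; not the construction from the paper."""
import hashlib
import hmac
import os

# Constructed demo inputs (not from the paper).
DICTIONARY = ["123456", "password", "letmein", "hunter2", "qwerty"]
USER = "alice"
PASSWORD = "hunter2"
SERVER_KEY = b"\x11" * 32  # fixed so the demo is reproducible; random in practice


def issue_credential(server_key: bytes, user: str) -> bytes:
    """Server side: a 32-byte MAC tag bound to the user id, checkable only by the server."""
    return hmac.new(server_key, user.encode(), hashlib.sha256).digest()


def server_check(server_key: bytes, user: str, cred: bytes) -> bool:
    """Online verification at the server: the only place a guess can be confirmed."""
    return hmac.compare_digest(issue_credential(server_key, user), cred)


def kdf(password: str, salt: bytes) -> bytes:
    # Low iteration count to keep the demo fast; use a memory-hard KDF in practice.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000, dklen=32)


def xor_keystream(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with SHA-256 counter blocks. Symmetric, so it also decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


# --- Naive design: a structured token "CRED|<user>|<tag>" encrypted under the password.
def naive_store(password: str, user: str, cred: bytes):
    salt = os.urandom(16)
    token = b"CRED|" + user.encode() + b"|" + cred
    return salt, xor_keystream(kdf(password, salt), token)


def naive_offline_attack(salt: bytes, blob: bytes, user: str, dictionary=DICTIONARY):
    """Attacker holding the stolen blob: a guess is confirmed by the recognisable header."""
    header = b"CRED|" + user.encode() + b"|"
    for guess in dictionary:
        if xor_keystream(kdf(guess, salt), blob).startswith(header):
            return guess
    return None


# --- Structureless design: only the uniformly distributed 32-byte tag is stored.
def structureless_store(password: str, cred: bytes):
    salt = os.urandom(16)
    return salt, xor_keystream(kdf(password, salt), cred)


def structureless_offline_attack(salt: bytes, blob: bytes, dictionary=DICTIONARY):
    """Every guess decrypts to some 32-byte string; nothing offline tells them apart,
    so the whole dictionary survives as candidates."""
    return [g for g in dictionary if len(xor_keystream(kdf(g, salt), blob)) == 32]


def recover(password: str, salt: bytes, blob: bytes) -> bytes:
    """Legitimate user: decrypt the stored blob and present the result to the server."""
    return xor_keystream(kdf(password, salt), blob)


def demo():
    cred = issue_credential(SERVER_KEY, USER)
    n_salt, n_blob = naive_store(PASSWORD, USER, cred)
    s_salt, s_blob = structureless_store(PASSWORD, cred)
    return {
        "naive_leaks": naive_offline_attack(n_salt, n_blob, USER),
        "structureless_candidates": len(structureless_offline_attack(s_salt, s_blob)),
        "online_right": server_check(SERVER_KEY, USER, recover(PASSWORD, s_salt, s_blob)),
        "online_wrong": server_check(SERVER_KEY, USER, recover("qwerty", s_salt, s_blob)),
    }


if __name__ == "__main__":
    print(demo())
```

The naive variant gives up the password offline because the header acts as a free oracle; the structureless variant forces each guess through `server_check`, where the server can throttle or lock out. The toy only shows the property; it does not achieve the paper's provable guarantee, which additionally has to make the credential itself and the server's check leak no distinguisher, which is what the DDH-based construction is for.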
Keywords: password authentication; guessing attack; single point of failure; authentication credential
Yanjiang Yang, Feng Bao
Institute for Infocomm Research, Singapore 138632
Publication type: international conference
Venue: Nanjing
Language: English
Pages: 541-545
Date: 2010-11-01 (date first posted on the Wanfang platform, not the paper's publication date)