STOC '87 Proceedings of the nineteenth annual ACM symposium on Theory of computing
All-or-nothing disclosure of secrets
Proceedings on Advances in cryptology---CRYPTO '86
Founding crytpography on oblivious transfer
STOC '88 Proceedings of the twentieth annual ACM symposium on Theory of computing
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Public-key cryptography and password protocols
CCS '98 Proceedings of the 5th ACM conference on Computer and communications security
Efficient oblivious transfer protocols
SODA '01 Proceedings of the twelfth annual ACM-SIAM symposium on Discrete algorithms
Non-Interactive Oblivious Transfer and Spplications
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Practical Quantum Oblivious Transfer
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Server-Assisted Generation of a Strong Secret from a Password
WETICE '00 Proceedings of the 9th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
Key Agreement Protocols and Their Security Analysis
Proceedings of the 6th IMA International Conference on Cryptography and Coding
PKC '03 Proceedings of the 6th International Workshop on Theory and Practice in Public Key Cryptography: Public Key Cryptography
How to Fool an Unbounded Adversary with a Short Key
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
FOCS '95 Proceedings of the 36th Annual Symposium on Foundations of Computer Science
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Journal of Complexity - Special issue on coding and cryptography
Advances in Elliptic Curve Cryptography (London Mathematical Society Lecture Note Series)
Advances in Elliptic Curve Cryptography (London Mathematical Society Lecture Note Series)
Password authenticated key exchange using hidden smooth subgroups
Proceedings of the 12th ACM conference on Computer and communications security
KLASSP: Entering Passwords on a Spyware Infected Machine Using a Shared-Secret Proxy
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
Halting password puzzles: hard-to-break encryption from human-memorable keys
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
How to generate and exchange secrets
SFCS '86 Proceedings of the 27th Annual Symposium on Foundations of Computer Science
Computationally private information retrieval with polylogarithmic communication
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Authenticated key exchange secure against dictionary attacks
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Provably secure password-authenticated key exchange using Diffie-Hellman
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Public key encryption that allows PIR queries
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Blind identity-based encryption and simulatable oblivious transfer
ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
Entropic security and the encryption of high entropy messages
TCC'05 Proceedings of the Second international conference on Theory of Cryptography
Searchable encryption revisited: consistency properties, relation to anonymous IBE, and extensions
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Universally composable password-based key exchange
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
A method for making password-based key exchange resilient to server compromise
CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
Anonymous hierarchical identity-based encryption (without random oracles)
CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
HPAKE: Password Authentication Secure against Cross-Site User Impersonation
CANS '09 Proceedings of the 8th International Conference on Cryptology and Network Security
Kamouflage: loss-resistant password management
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Towards practical anonymous password authentication
Proceedings of the 26th Annual Computer Security Applications Conference
Hidden credential retrieval without random oracles
WISA'10 Proceedings of the 11th international conference on Information security applications
Towards user-friendly credential transfer on open credential platforms
ACNS'11 Proceedings of the 9th international conference on Applied cryptography and network security
Credential life cycle management in open credential platforms (short paper)
Proceedings of the sixth ACM workshop on Scalable trusted computing
Proceedings of the 18th ACM symposium on Access control models and technologies
Single password authentication
Computer Networks: The International Journal of Computer and Telecommunications Networking
Hi-index | 0.00 |
We revisit the venerable question of access credentials management, which concerns the techniques that we, humans with limited memory, must employ to safeguard our various access keys and tokens in a connected world. Although many existing solutions can be employed to protect a long secret using a short password, those solutions typically require certain assumptions on the distribution of the secret and/or the password, and are helpful against only a subset of the possible attackers. After briefly reviewing a variety of approaches, we propose a user-centric comprehensive model to capture the possible threats posed by online and offline attackers, from the outside and the inside, against the security of both the plaintext and the password. We then propose a few very simple protocols, adapted from the Ford-Kaliski server-assisted password generator and the Boldyreva unique blind signature in particular, that provide the best protection against all kinds of threats, for all distributions of secrets. We also quantify the concrete security of our approach in terms of online and offline password guesses made by outsiders and insiders, in the random-oracle model. The main contribution of this paper lies not in the technical novelty of the proposed solution, but in the identification of the problem and its model. Our results have an immediate and practical application for the real world: they show how to implement single-sign-on stateless roaming authentication for the internet, in a ad-hoc user-driven fashion that requires no change to protocols or infrastructure.