Client-Server Password Recovery

Authors:
Łukasz Chmielewski;Jaap-Henk Hoepman;Peter Rossum
Affiliations:
Digital Security Group, Radboud University Nijmegen, The Netherlands;Digital Security Group, Radboud University Nijmegen, The Netherlands and TNO Information and Communication Technology, The Netherlands;Digital Security Group, Radboud University Nijmegen, The Netherlands
Venue:
OTM '09 Proceedings of the Confederated International Conferences, CoopIS, DOA, IS, and ODBASE 2009 on On the Move to Meaningful Internet Systems: Part II
Year:
2009

Citing 13
Cited 0

A public key cryptosystem and a signature scheme based on discrete logarithms

Proceedings of CRYPTO 84 on Advances in cryptology
Random oracles are practical: a paradigm for designing efficient protocols

CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Extracting randomness: a survey and new constructions

Journal of Computer and System Sciences
Protecting secret keys with personal entropy

Future Generation Computer Systems - Special issue on security on the Web
How to share a secret

Communications of the ACM
Error-tolerant password recovery

CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
Sharing Decryption in the Context of Voting or Lotteries

FC '00 Proceedings of the 4th International Conference on Financial Cryptography
Finding smooth integers in short intervals using CRT decoding

Journal of Computer and System Sciences - Special issue on STOC 2000
Foundations of Cryptography: Volume 2, Basic Applications

Foundations of Cryptography: Volume 2, Basic Applications
Oblivious Polynomial Evaluation

SIAM Journal on Computing
An Improved Robust Fuzzy Extractor

SCN '08 Proceedings of the 6th international conference on Security and Cryptography for Networks
Noisy polynomial interpolation and noisy chinese remaindering

EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
An oblivious transfer protocol with log-squared communication

ISC'05 Proceedings of the 8th international conference on Information Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Human memory is not perfect --- people constantly memorize new facts and forget old ones. One example is forgetting a password, a common problem raised at IT help desks. We present several protocols that allow a user to automatically recover a password from a server using partial knowledge of the password. These protocols can be easily adapted to the personal entropy setting [7], where a user can recover a password only if he can answer a large enough subset of personal questions. We introduce client-server password recovery methods, in which the recovery data are stored at the server, and the recovery procedures are integrated into the login procedures. These methods apply to two of the most common types of password based authentication systems. The security of these solutions is significantly better than the security of presently proposed password recovery schemes. For our protocols we propose a variation of threshold encryption [5, 8, 16] that might be of independent interest.