To relieve users of the burden of memorizing and managing their credentials while allowing for seamless roaming between various end devices, so-called credential repositories that store credentials on behalf of users have attracted attention. Both the risk of the credential repository being unavailable and the risk of the credentials becoming compromised are managed by the party that hosts the credential repository, which the user has to trust. Removing the need for a trust relationship with a single party implies that users have to manage these risks themselves, for instance by splitting the credentials across multiple systems or parties. However, if the systems differ in terms of availability and vulnerability, determining a suitable splitting strategy to manage the tradeoff between credential availability and vulnerability is a complex problem. In this paper we present CREDIS, an approach that supports the user in building a credential repository from heterogeneous systems that differ in terms of vulnerability and availability. CREDIS enables users to specify requirements on the availability and the vulnerability of the distributed credential repository and determines an optimal strategy for splitting secrets across the heterogeneous systems. We prove the NP-hardness of finding an optimal strategy, introduce an approach based on Integer Linear Programming to find optimal strategies for medium-sized scenarios, and propose heuristics for larger ones. We show that the CREDIS approach yields a reasonably secure and available credential repository even when the distributed repository is built from low-grade devices or systems.