Communications of the ACM
Practical Key Recovery Schemes
ACISP '01 Proceedings of the 6th Australasian Conference on Information Security and Privacy
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
| Hi-index | 0.00 |
With the increased use of encryption in business, key recovery has emerged as a critical issue to users. As encryption is deployed to protect files and network communications, users must include safeguards that prevent the inadvertent loss of data and use of the network for malicious intent. This paper explains what key recovery is, presents a refined practical model of a key recovery scheme and describes a new key recovery scheme compliant with this model. A novel feature of this key recovery scheme is that it is resistant to online guessing attack. Most of key recovery schemes used today are able to detect online guessing attack but not able to prevent it. Consequently, users face the problem of denial of service which occurs when key recovery server shuts down the service to legitimate users though temporarily as a security measure. Key recovery server also, often ask users to change password which was attacked causing further inconvenience. So, a security solution Captcha is employed in this new key recovery scheme to make it secure against online guessing attack.