Password security: a case history
Communications of the ACM
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy
Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy
Password Authentication Using Multiple Servers
CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
Server-Assisted Generation of a Strong Secret from a Password
WETICE '00 Proceedings of the 9th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
Yaksha: augmenting Kerberos with public key cryptography
SNDSS '95 Proceedings of the 1995 Symposium on Network and Distributed System Security (SNDSS'95)
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Networked Cryptographic Devices Resilient to Capture
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Robust software tokens: yet another method for securing user's digital identity
ACISP'03 Proceedings of the 8th Australasian conference on Information security and privacy
| Hi-index | 0.00 |
This paper makes simple observation on security of the networked cryptographic device resilient to capture that was developed to protect user's private keys by software-only techniques. That scheme provided valuable features for secure generation of digital signatures or decryption of messages in a way of retaining a password-protected private key in a user-controlled device. The key idea was to exploit network connectivity rather than tamper-resistance of the device for securing the private key in software. However, we have found a few weak points that are not negligible in some sense. It was difficult to protect the private key in software even with provable security. So, we will describe such difficulties and provide possible solutions in this paper. Also the networked cryptographic devices will be augmented in that fashion.