An Intrusion-Tolerant Password Authentication System

  • Authors: Xunhua Wang, M. Hossain Heydari, Hua Lin
  • Venue: ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
  • Year: 2003

Abstract

In a password-based authentication system, to authenticate a user, a server typically stores password verification data (PVD), which is a value derived from the user's password using publicly known functions. For those users whose passwords fall within an attacker's dictionary, their PVDs, if stolen (for example, through server compromise), will allow the attacker to mount off-line dictionary attacks. In this article, we describe a password authentication system that can tolerate server compromises. The described system uses multiple (say n) servers to share password verification data and never reconstructs the shared PVD during user authentications. Only a threshold number (say t, t ≤ n) of these servers are required for a user authentication, and compromising up to (t - 1) of these servers will not allow an attacker to mount off-line dictionary attacks, even if a user's password falls within the attacker's dictionary. The described system can still function if some of the servers are unavailable. In this paper, we give the system architecture and implementation details. Our experimental results show that the described system works well. The given system can be used to build intrusion-tolerant applications.
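As an added illustration of the threshold property the abstract claims, and not the paper's own protocol (which is not reproduced on this page): the PVD is split across n servers with Shamir secret sharing over a prime field, and a party holding only t - 1 shares finds every dictionary word equally consistent with what it has, while t shares pin the password down. The field prime, salt, password and dictionary are constructed for this example; unlike the paper's system, verification here reconstructs the secret, so only the share-level secrecy is demonstrated.

```python
import hashlib
import secrets

P = 2**61 - 1  # prime modulus for the share arithmetic (constructed choice)

def pvd_of(password, salt):
    """Password verification data: a public hash of salt||password, reduced mod P."""
    digest = hashlib.sha256(salt + password.encode()).digest()
    return int.from_bytes(digest, "big") % P

def eval_poly(coeffs, x):
    """Horner evaluation of coeffs[0] + coeffs[1]*x + ... (mod P)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def share_pvd(pvd, t, n):
    """Split a PVD into n Shamir shares (x, f(x)); any t of them determine f(0) = pvd."""
    coeffs = [pvd] + [secrets.randbelow(P) for _ in range(t - 1)]
    return [(x, eval_poly(coeffs, x)) for x in range(1, n + 1)]

def interpolate_at(points, x):
    """Lagrange interpolation through the given (xi, yi) points, evaluated at x."""
    result = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        result = (result + yi * num * pow(den, P - 2, P)) % P
    return result

def consistent(shares, t, candidate_pvd):
    """True if some polynomial of degree < t with f(0) = candidate_pvd passes through the
    held shares. With t or more shares f(0) is fixed; with fewer, the missing shares can
    always be completed to fit any candidate, which is what the (t - 1) compromise bound means."""
    if len(shares) >= t:
        return interpolate_at(shares[:t], 0) == candidate_pvd
    # Compute the shares an honest dealer would have issued if this candidate were the PVD
    next_x = max((x for x, _ in shares), default=0) + 1
    through = [(0, candidate_pvd)] + list(shares)
    completion = [(x, interpolate_at(through, x)) for x in range(next_x, next_x + t - len(shares))]
    return interpolate_at(list(shares) + completion, 0) == candidate_pvd

def surviving_candidates(shares, t, salt, dictionary):
    """Dictionary words that the held shares cannot rule out."""
    return [w for w in dictionary if consistent(shares, t, pvd_of(w, salt))]
```

With t = 3 and n = 5, two shares leave the whole dictionary as candidates; any three shares leave only the real password.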