{"title":"Securing password recovery through dispersion","authors":"S. Jajodia, W. Litwin, T. Schwarz","doi":"10.1109/CASoN.2012.6412407","DOIUrl":null,"url":null,"abstract":"Passwords form the Achilles heel of most uses of modern cryptography. Key recovery is necessary to provide continuous access to documents and other electronic assets in spite of possible loss of a password. Key escrow services provide key recovery for the owner, but need to be trusted. Additionally, a user might want to divulge passwords in case of his/her death or incapacitation, but not before. We present here a scheme that uses dispersion to provide trusted escrow services. Our scheme uses secret sharing to disperse password recovery information over several escrow services that authenticate based on a weak password. To protect against dictionary attacks, each authentication attempt takes a noticeable, but tolerable time (e.g. minutes). We achieve this by having the share of the secret be the solution of a puzzle that is solved by brute force in time depending on the number of processors employed. This additionally prevents escrow agencies from optimizing their part in recovering a password by pre-computing and storing their share in a more accessible and hence vulnerable format.","PeriodicalId":431370,"journal":{"name":"2012 Fourth International Conference on Computational Aspects of Social Networks (CASoN)","volume":"98 ","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 Fourth International Conference on Computational Aspects of Social Networks (CASoN)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CASoN.2012.6412407","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
Passwords form the Achilles heel of most uses of modern cryptography. Key recovery is necessary to provide continuous access to documents and other electronic assets in spite of possible loss of a password. Key escrow services provide key recovery for the owner, but need to be trusted. Additionally, a user might want to divulge passwords in case of his/her death or incapacitation, but not before. We present here a scheme that uses dispersion to provide trusted escrow services. Our scheme uses secret sharing to disperse password recovery information over several escrow services that authenticate based on a weak password. To protect against dictionary attacks, each authentication attempt takes a noticeable, but tolerable time (e.g. minutes). We achieve this by having the share of the secret be the solution of a puzzle that is solved by brute force in time depending on the number of processors employed. This additionally prevents escrow agencies from optimizing their part in recovering a password by pre-computing and storing their share in a more accessible and hence vulnerable format.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
