OALib Journal期刊
ISSN: 2333-9721
费用：99美元

投递稿件

查看量	下载量

相关文章
更多...

Journal of Information Security 2016

Passwords Management via Split-Key

DOI: 10.4236/jis.2016.73016, PP. 206-214

Kenneth Giuliani, V. Kumar Murty, Guangwu Xu

Keywords: Password Encryption, Password Storage, Identity Management, Secret Sharing

Full-Text Cite this paper Add to My Lib

Abstract:

This paper proposes a scheme for password management by storing password encryptions on a server. The method involves having the encryption key split into a share for the user and one for the server. The user’s share shall be based solely on a selected passphrase. The server’s share shall be generated from the user’s share and the encryption key. The security and trust are achieved by performing both encryption and decryption on the client side. We also address the issue of countering dictionary attack by providing a further enhancement of the scheme.

References

[1]	Florêncio, D. and Herley, C. (2007) A Large-Scale Study of Web Password Habits. Proceedings of the 16th International Conference on World Wide Web, Banff, May 2007, 657-666. http://dx.doi.org/10.1145/1242572.1242661
[2]	Hayday, G. (2002) Security Nightmare: How Do You Maintain 21 Different Passwords? Silicon.com.
[3]	(2016) Roboform Reference Manual. Siber Systems Inc.
[4]	Zhao, R. and Yue, C. (2013) All Your Browser-Saved Passwords Could Belong to Us: A Security Analysis and Acloud-Based New Design. Proceedings of the 3rd ACM Conference on Data and Application Security and Privacy, San Antonio, February, 2013, 333-340. http://dx.doi.org/10.1145/2435349.2435397
[5]	Silver, D., Jana, S., Boneh, D., Chen, E. and Jackson, C. (2014) Password Managers: Attacks and Defenses. 23rd USENIX Security Symposium (USENIX Security 14), San Diago, August 2014, 449-464.
[6]	Li, Z., He, W., Akhawe, D. and Song, D. (2014) The Emperor’s New Password Manager: Security Analysis Ofweb-Based Password Managers. 23rd USENIX Security Symposium (USENIX Security 14), San Diago, August 2014, 465-480.
[7]	Haque, T., Wright, M. and Scielzo, S. (2013) A Study of User Password Strategy for Multiple Accounts. Proceedings of the 3rd ACM Conference on Data and Application Security and Privacy, 173-176. http://dx.doi.org/10.1145/2435349.2435373
[8]	Giuliani, K. and Murty, V.K. (2014) Split key Secure Access System. U.S. Patent No. 8,892,881.
[9]	Shamir, A. (1979) How to Share a Secret. Communications of the ACM, 22, 612-613. http://dx.doi.org/10.1145/359168.359176
[10]	Brickell, E.F. (1989) Some Ideal Secret Sharing Schemes. Journal of Combinatorial Mathematics and Combinatorial Computing, 9, 105-113.
[11]	Bonneau, J. and Shutova, E. (2012) Linguistic Properties of Multi-Word Passphrases. Proceedings of the 16th International Conference on Financial Cryptography and Data Security, Kralendijk, March, 2012, 1-12. http://dx.doi.org/10.1007/978-3-642-34638-5_1

Full-Text

Contact Us

service@oalib.com

QQ:3279437679

WhatsApp +8615387084133