[en] We combine two security mechanisms: using a Password-based Authenticated Key Establishment (PAKE) protocol to protect the password for access control and the Honeywords construction of Juels and Rivest to detect loss of password files. The resulting construction combines the properties of both mechanisms: ensuring that the password is intrinsically protected by the PAKE protocol during transmission and the Honeywords mechanisms for detecting attempts to exploit a compromised password file. Our constructions lead very naturally to two factor type protocols. An enhanced version of our protocol further provides protection against a compromised login server by ensuring that it does not learn the index to the true password.
Research center :
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Applied Security and Information Assurance Group (APSIA)
Disciplines :
Computer science
Author, co-author :
Lopez Becerra, José Miguel ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Roenne, Peter ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Ryan, Peter ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
Sala, Petra ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
External co-authors :
no
Language :
English
Title :
HoneyPAKEs
Publication date :
27 November 2018
Event name :
Security Protocols XXVI: 26th International Workshop
Event place :
Cambridge, United Kingdom
Event date :
from 19-03-2018 to 21-03-2018
By request :
Yes
Audience :
International
Main work title :
Security Protocols XXVI: Lecture Notes in Computer Science
