We combine two security mechanisms: using a Password-based Authenticated Key Establishment (PAKE) protocol to protect the password for access control and the Honeywords construction of Juels and Rivest to detect loss of password files. The resulting construction combines the properties of both mechanisms: ensuring that the password is intrinsically protected by the PAKE protocol during transmission and the Honeywords mechanisms for detecting attempts to exploit a compromised password file. Our constructions lead very naturally to two-factor type protocols. An enhanced version of our protocol further provides protection against a compromised login server by ensuring that it does not learn the index to the true password.
Research centre:
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Applied Security and Information Assurance Group (APSIA)
Disciplines:
Computer science
Author, co-author:
LOPEZ BECERRA, José Miguel ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
ROENNE, Peter ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
RYAN, Peter ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
SALA, Petra ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
External co-authors:
no
Document language:
English
Title:
HoneyPAKEs
Publication date:
27 November 2018
Event name:
Security Protocols XXVI: 26th International Workshop
Event place:
Cambridge, United Kingdom
Event date:
from 19-03-2018 to 21-03-2018
By invitation:
Yes
Event scope:
International
Main work title:
Security Protocols XXVI: Lecture Notes in Computer Science