Hardening Password-Based Credential Databases

IEEE Transactions on Information Forensics and Security (2024)

Abstract
We propose a protection mechanism, dubbed PCDL, that protects the password-based credential databases maintained by service providers against leakage. In PCDL, each authentication credential is derived from a user's password and a salt, and the service provider employs a set of key servers that hold the salt in a threshold-shared form. With PCDL, an external adversary cannot derive any information about the underlying passwords from a compromised credential database, even if it also compromises some of the key servers. The most prominent feature of PCDL is transparency: integrating PCDL with existing password-based authentication schemes does not require users to perform any additional operation (and thereby does not change users' interaction patterns), yet it significantly strengthens the security guarantee. PCDL serves as an independent component deployed only on the service provider side to harden the credential database, and is therefore fully compatible with existing password-based authentication schemes. We analyze the security of PCDL and conduct a performance evaluation, which shows that PCDL is secure and efficient.
Keywords
Credential database, threshold, dictionary guessing attack, key server renewal
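The following is an added illustration of the idea the abstract describes, not code from the paper: the salt behind each stored credential is split across key servers with a (t, n) threshold, so a leaked credential database alone, or fewer than t key-server shares, yields no salt and therefore no offline dictionary target. Shamir secret sharing, HMAC-SHA256 as the derivation function, and reconstructing the salt at the provider during verification are assumptions made here for illustration; the paper's concrete construction is not given on this page.

```python
# Illustration of PCDL's threshold-shared salt (assumed construction, not the paper's own).
import hmac
import hashlib
import secrets

PRIME = 2**521 - 1  # Mersenne prime field, comfortably larger than a 16-byte salt

def split_salt(salt: bytes, t: int, n: int) -> list[tuple[int, int]]:
    """Split the salt into n Shamir shares (one per key server); any t reconstruct it."""
    secret = int.from_bytes(salt, "big")
    assert secret < PRIME and 1 <= t <= n
    # Random polynomial of degree t-1 whose constant term is the salt.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(t - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of the polynomial at x
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares

def recover_salt(shares: list[tuple[int, int]], salt_len: int = 16) -> bytes:
    """Lagrange interpolation at x = 0 over any t distinct shares."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret.to_bytes(salt_len, "big")

def derive_credential(password: str, salt: bytes) -> bytes:
    """Value the service provider stores; HMAC-SHA256 is an assumed PRF, not the paper's."""
    return hmac.new(salt, password.encode(), hashlib.sha256).digest()

def verify(password: str, shares: list[tuple[int, int]], stored: bytes) -> bool:
    """Provider gathers t shares from key servers, rebuilds the salt, checks the credential."""
    salt = recover_salt(shares)
    return hmac.compare_digest(derive_credential(password, salt), stored)

if __name__ == "__main__":
    salt = secrets.token_bytes(16)            # constructed per-user salt
    shares = split_salt(salt, t=2, n=3)       # three key servers, any two suffice
    stored = derive_credential("correct horse battery staple", salt)
    print(verify("correct horse battery staple", shares[:2], stored))  # True
    print(verify("wrong password", [shares[0], shares[2]], stored))     # False
```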