SESS: A Security-Enhanced Secret Storage Scheme for Password Managers
Author(s): Hao Fang, Hu Aiqun, Le Shi, Tao Li

Date: October 2015
Publication: 2015 International Conference on Wireless Communications & Signal Processing (WCSP)
Page(s): 1 - 5
Publisher: IEEE
Source 1: http://dx.doi.org/10.1109/WCSP.2015.7341010 - Subscription or payment required

Abstract or Summary:
Password-based authentication mechanism is used widely for its simplicity. However, due to the rapidly growth of computation power nowadays, low-entropy passwords and data protected by such passwords become more and more easy to attack. For against offline dictionary attacks with memorizable passwords, one may use interactive protocols, making offline guessing impossible. Then only online guessing, of which the times can be limited, remains for the attacker. In this paper we propose such a scheme, for securely storing high-entropy keys and other secret data shared in local storage and servers in the cloud, employing only low-entropy password. Even if one of the two parties in the protocol is cracked, the security of valuable data is still guaranteed. Our scheme is merely based on the assumption that one-way function exists, and is also easy to implement.



Do you have additional information to contribute regarding this research paper? If so, please email siteupdates@passwordresearch.com with the details.

<-- Back to Authentication Research Paper Index





[Home] [About Us] [News] [Research]

Copyright © 2016 PasswordResearch.com