Strengthening Public Key Authentication Against Key Theft (short paper)
Author(s): Martin Kleppmann, Conrad Irwin

Date: December 2015
Publication: 9th International Conference on Passwords (Passwords15 London). Lecture Notes in Computer Science, Volume 9551
Page(s): 144 - 150
Publisher: Springer
Source 1: https://martin.kleppmann.com/papers/mrsa-pass15.pdf
Source 2: https://www.cl.cam.ac.uk/research/dtg/www/files/publications/public/mk428/pass15.pdf
Source 3: https://dx.doi.org/10.1007/978-3-319-29938-9_9 - Subscription or payment required

Abstract:
Authentication protocols based on an asymmetric keypair provide strong authentication as long as the private key remains secret, but may fail catastrophically if the private key is lost or stolen. Even when encrypted with a password, stolen key material is susceptible to offline brute-force attacks. In this paper we demonstrate a method for rate-limiting password guesses on stolen key material, without requiring special hardware or changes to servers. By slowing down offline attacks and enabling easy key revocation our algorithm reduces the risk of key compromise, even if a low-entropy password is used.

PasswordResearch.com Note: Video of presentation available: https://www.youtube.com/watch?v=8aENZMoiRZg


Do you have additional information to contribute regarding this research paper? If so, please email siteupdates@passwordresearch.com with the details.

<-- Back to Authentication Research Paper Index





[Home] [About Us] [News] [Research]

Copyright © 2016 PasswordResearch.com