Cryptology ePrint Archive: Report 2018/976

Distributed Single Password Protocol Framework

Devriş İşler and Alptekin Küpçü

Abstract: Passwords are the most widely used factor in various areas such as secret sharing, key establishment, and user authentication. Single password protocols are proposed (starting with Belenkiy et al. [4]) to overcome the challenges of traditional password protocols and provide provable security against offline dictionary, man-in-the-middle, phishing, and honeypot attacks. While they ensure provable security, they allow a user to securely use a single low-entropy human memorable password for all her accounts. They achieve this with the help of a cloud or mobile storage device. However, an attacker corrupting both the login server and storage can mount an offline dictionary attack on the user's single password. In this work, we introduce a framework for distributed single password protocols (DiSPP) that analyzes existing protocols, improves upon them regarding novel constructions and distributed schemes, and allows exploiting alternative cryptographic primitives to obtain secure distributed single password protocols with various trade-offs. Previous single password solutions can be instantiated as part of our framework. We further introduce a secure DiSPP instantiation derived from our framework, forcing the adversary to corrupt several cloud and mobile storage devices in addition to the login server in order to perform a successful offline dictionary attack. We also provide a comparative analysis of different solutions derived from our framework.

Category / Keywords: Password, authentication, offline dictionary attack.

Date: received 12 Oct 2018

Contact author: disler15 at ku edu tr, akupcu@ku edu tr

Version: 20181015:121949 (All versions of this report)

Short URL: ia.cr/2018/976

