Existing SSO systems built on distributed token generation techniques, including the PASTA framework, do not support password updates. In this work, we address this issue by adding password-update functionality to the PASTA framework. We call the modified framework PAS-TA-U.
As a concrete application, we instantiate PAS-TA-U to implement, in Python, a distributed SSH key manager for enterprise networks (ESKM) that also provides password-update functionality for its clients. Our experiments show that the overhead of protecting secrets and credentials against breaches in our system, compared to a traditional single-server setup, is low (average 119 ms in a 10-out-of-10 server setting over the Internet with 80 ms round-trip latency).
Category / Keywords: cryptographic protocols / Password-based Authentication, Threshold Cryptography
Original Publication (with minor differences): SPACE 2020: Tenth International Conference on Security, Privacy and Applied Cryptographic Engineering
Date: received 10 Dec 2020
Contact author: mahavir jhawar at ashoka edu in
Available format(s): PDF | BibTeX Citation
Version: 20201213:163946 (All versions of this report)
Short URL: ia.cr/2020/1544