Hidden Credential Retrievalについて

Presentation	2014-07-04 On Hidden Credential Retrieval SeongHan SHIN, Kazukuni KOBARA,
PDF Download Page	PDF download Page Link
Abstract(in Japanese)	(See Japanese page)
Abstract(in English)	Hidden Credential Retrieval (HCR) protocols are designed for access credentials management where users who remember short passwords can retrieve his/her various credentials (access keys and tokens) with the help of remote storage server over insecure networks (e.g., the Internet). In this paper, we revisit a HCR protocol (we call it B-HCR) based on Boldyreva's blind signature scheme. In particular, we show that the B-HCR protocol is insecure against an outside attacker who impersonates server S. Specifically, the attacker can find out the user's password pw with off-line dictionary attacks by eavesdropping the communications between the user and a third-party online service provider. And we discuss why Boyen's security model does not capture the attacks.
Keyword(in Japanese)	(See Japanese page)
Keyword(in English)	Credentials Management / Passwords / On-line/Off-line Dictionary Attacks / Insider/Outsider Attacks
Paper #	ISEC2014-32,SITE2014-27,ICSS2014-36,EMM2014-32
Date of Issue

Paper Information
Registration To	Information and Communication System Security (ICSS)
Language	ENG
Title (in Japanese)	(See Japanese page)
Sub Title (in Japanese)	(See Japanese page)
Title (in English)	On Hidden Credential Retrieval
Sub Title (in English)
Keyword(1)	Credentials Management
Keyword(2)	Passwords
Keyword(3)	On-line/Off-line Dictionary Attacks
Keyword(4)	Insider/Outsider Attacks
1st Author's Name	SeongHan SHIN
1st Author's Affiliation	Research Institute for Secure Systems (RISEC), AIST()
2nd Author's Name	Kazukuni KOBARA
2nd Author's Affiliation	Research Institute for Secure Systems (RISEC), AIST
Date	2014-07-04
Paper #	ISEC2014-32,SITE2014-27,ICSS2014-36,EMM2014-32
Volume (vol)	vol.114
Number (no)	117
Page	pp.pp.-
#Pages	5
Date of Issue