Presentation | 2014-07-04 On Hidden Credential Retrieval SeongHan SHIN, Kazukuni KOBARA, |
---|---|
PDF Download Page | PDF download Page Link |
Abstract(in Japanese) | (See Japanese page) |
Abstract(in English) | Hidden Credential Retrieval (HCR) protocols are designed for access credentials management where users who remember short passwords can retrieve his/her various credentials (access keys and tokens) with the help of remote storage server over insecure networks (e.g., the Internet). In this paper, we revisit a HCR protocol (we call it B-HCR) based on Boldyreva's blind signature scheme. In particular, we show that the B-HCR protocol is insecure against an outside attacker who impersonates server S. Specifically, the attacker can find out the user's password pw with off-line dictionary attacks by eavesdropping the communications between the user and a third-party online service provider. And we discuss why Boyen's security model does not capture the attacks. |
Keyword(in Japanese) | (See Japanese page) |
Keyword(in English) | Credentials Management / Passwords / On-line/Off-line Dictionary Attacks / Insider/Outsider Attacks |
Paper # | ISEC2014-32,SITE2014-27,ICSS2014-36,EMM2014-32 |
Date of Issue |
Conference Information | |
Committee | ISEC |
---|---|
Conference Date | 2014/6/26(1days) |
Place (in Japanese) | (See Japanese page) |
Place (in English) | |
Topics (in Japanese) | (See Japanese page) |
Topics (in English) | |
Chair | |
Vice Chair | |
Secretary | |
Assistant |
Paper Information | |
Registration To | Information Security (ISEC) |
---|---|
Language | ENG |
Title (in Japanese) | (See Japanese page) |
Sub Title (in Japanese) | (See Japanese page) |
Title (in English) | On Hidden Credential Retrieval |
Sub Title (in English) | |
Keyword(1) | Credentials Management |
Keyword(2) | Passwords |
Keyword(3) | On-line/Off-line Dictionary Attacks |
Keyword(4) | Insider/Outsider Attacks |
1st Author's Name | SeongHan SHIN |
1st Author's Affiliation | Research Institute for Secure Systems (RISEC), AIST() |
2nd Author's Name | Kazukuni KOBARA |
2nd Author's Affiliation | Research Institute for Secure Systems (RISEC), AIST |
Date | 2014-07-04 |
Paper # | ISEC2014-32,SITE2014-27,ICSS2014-36,EMM2014-32 |
Volume (vol) | vol.114 |
Number (no) | 115 |
Page | pp.pp.- |
#Pages | 5 |
Date of Issue |