Sciweavers

CTRSA
2001
Springer

Password Authentication Using Multiple Servers

14 years 5 months ago
Password Authentication Using Multiple Servers
Safe long-term storage of user private keys is a problem in client/server systems. The problem can be addressed with a roaming system that retrieves keys on demand from remote credential servers, using password authentication protocols that prevent password guessing attacks from the network. Ford and Kaliski’s methods [11] use multiple servers to further prevent guessing attacks by an enemy that compromises all but one server. Their methods use a previously authenticated channel which requires client-stored keys and certificates, and may be vulnerable to offline guessing in server spoofing attacks when people must positively identify servers, but don’t. We present a multi-server roaming protocol in a simpler model without this need for a prior secure channel. This system requires fewer security assumptions, improves performance with comparable cryptographic assumptions, and better handles human errors in password entry.
David P. Jablon
Added 28 Jul 2010
Updated 28 Jul 2010
Type Conference
Year 2001
Where CTRSA
Authors David P. Jablon
Comments (0)