ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Error-tolerant password recovery
Full text PdfPdf (250 KB)
Source Conference on Computer and Communications Security archive
Proceedings of the 8th ACM conference on Computer and Communications Security table of contents
Philadelphia, PA, USA
Session: Password Management and Digital Signatures table of contents
Pages: 1 - 9  
Year of Publication: 2001
ISBN:1-58113-385-5
Authors
Niklas Frykholm  RSA Laboratories, Bedford, MA
Ari Juels  RSA Laboratories, Bedford, MA
Sponsor
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 11,   Downloads (12 Months): 63,   Citation Count: 6
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/501983.501985
What is a DOI?

ABSTRACT

Many encryption systems require the user to memorize high entropy passwords or passphrases and reproduce them exactly. This is often a difficult task. We propose a more fault-tolerant scheme, where a high entropy key (or password) is derived from a sequence of low entropy passwords. The user is able to recover the correct key if she remembers a certain percentage of the passwords correctly. In contrast to other systems that have been proposed for fault-tolerant passwords, our basic design is provably secure against a computationally unbounded attacker.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Biometrics consortium,2001.Website at http://www.biometrics.org.
 
2
G.Blakely.Safeguarding cryptographic keys.In AFIPS Conference Proceedings 1979:National Computer Conference ,volume 48,pages 313 -317, June 1979.
 
3
D.Bleichenbacher and P.Q.Nguyen.Noisy polynomial interpolation and noisy Chinese remaindering.In B.Preneel,editor,Advances in Cryptology -EUROCRYPT '00 ,pages 53 -69. Springer-Verlag,2000.LNCS no.1807.
 
4
Carl Ellison , Chris Hall , Randy Milbert , Bruce Schneier, Protecting secret keys with personal entropy, Future Generation Computer Systems, v.16 n.4, p.311-318, Feb. 2000  [doi>10.1016/S0167-739X(99)00055-2]
 
5
Warwick Ford , Burton S. Kaliski, Jr., Server-Assisted Generation of a Strong Secret from a Password, Proceedings of the 9th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, p.176-180, June 04-16, 2000
 
6
N.Frykholm.Passwords:Beyond the terminal interaction odel.Master 's thesis,Ume~ University, Department of Computing Science,2000.UMNAD 298/2000.
 
7
V.Guruswami and M.Sudan.Improved decoding of Reed-Solomon and algebraic-geometry codes.IEEE TOIT:IEEE Transactions on Information Theory , 45:1757 -1767,Oct.1999.
 
8
I.Jermyn,A.Mayer,F.Monrose,M.K.Reiter,and A.D.Rubin.The design and analysis of graphical passwords.In 8th USENIX Security Symposium ,pages 1 -14,Washington,D.C.,USA,Aug.1999.USENIX.
9
Ari Juels , Martin Wattenberg, A fuzzy commitment scheme, Proceedings of the 6th ACM conference on Computer and communications security, p.28-36, November 01-04, 1999, Kent Ridge Digital Labs, Singapore  [doi>10.1145/319709.319714]
 
10
RSA.PKCS #5:Password-based cryptography standard 2.0,Mar.1999. http://www.rsasecurity.com/rsalabs/pkcs/pkcs- 5/index.html.
11
Adi Shamir, How to share a secret, Communications of the ACM, v.22 n.11, p.612-613, Nov. 1979  [doi>10.1145/359168.359176]
 
12
Statistics Sweden,2001.Website at http://www.scb.se/eng/index.asp.
 
13
D.Stinson.Universal hash families and the leftover hash lemma,and applications to cryptography and computing,jan 2001. http://citeseer.nj.nec.com/stinson01universal.html.
 
14
Hacker takes credit-card nu bers.Washington Post , (Tuesday,January 11):E02,2000.

CITED BY  6
Mike Just, On the Design of Challenge Question Systems, IEEE Security and Privacy, v.2 n.5, p.32-39, September 2004
Xavier Boyen, Reusable cryptographic fuzzy extractors, Proceedings of the 11th ACM conference on Computer and communications security, October 25-29, 2004, Washington DC, USA
Ari Juels , Madhu Sudan, A Fuzzy Vault Scheme, Designs, Codes and Cryptography, v.38 n.2, p.237-257, February 2006
John Brainard , Ari Juels , Burt Kaliski , Michael Szydlo, A new two-server approach for authentication with short secrets, Proceedings of the 12th conference on USENIX Security Symposium, p.14-14, August 04-08, 2003, Washington, DC
Markus Jakobsson , Liu Yang , Susanne Wetzel, Quantifying the security of preference-based authentication, Proceedings of the 4th ACM workshop on Digital identity management, October 31-31, 2008, Alexandria, Virginia, USA
Mike Just , David Aspinall, Personal choice and challenge questions: a security and usability assessment, Proceedings of the 5th Symposium on Usable Privacy and Security, July 15-17, 2009, Mountain View, California

INDEX TERMS

Primary Classification:
  E. Data
  E.3 DATA ENCRYPTION

Additional Classification:
  E. Data
  E.4 CODING AND INFORMATION THEORY
      Subjects: Error control codes

  H. Information Systems
  H.1 MODELS AND PRINCIPLES
      H.1.2 User/Machine Systems
          Subjects: Human factors


General Terms:
Human Factors, Security


Keywords:
Reed-Solomon codes, error-correcting codes, fault-tolerance, fuzzy commitment, password ensembles, password recovery

Collaborative Colleagues:
Niklas Frykholm: colleagues
Ari Juels: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player