TU Darmstadt / ULB / TUbiblio

Secure and Efficient Key Derivation in Portfolio Authentication Schemes Using Blakley Secret Sharing

Mayer, Peter ; Volkamer, Melanie (2015)
Secure and Efficient Key Derivation in Portfolio Authentication Schemes Using Blakley Secret Sharing.
Los Angeles, CA, USA
doi: 10.1145/2818000.2818043
Konferenzveröffentlichung, Bibliographie

Kurzbeschreibung (Abstract)

The ubiquitous usage of mobile devices in public spaces increases the risk of falling victim to shoulder surfing attacks, i.e. being observed by others during authentication. A promising approach to mitigating such shoulder surfing risks is portfolio authentication. It requires only an authorized subset of the password as input during each authentication attempt. One open challenge regarding portfolio authentication is how to securely and efficiently verify that a user input is actually an authorized subset of the password. In this paper we propose the (t, n)-threshold verification scheme, a novel scheme using Blakley secret sharing to provide secure verification of all authorized subsets of the password. Due to the lack of a viable alternative, we evaluate the efficiency of the (t, n)-threshold verification scheme in comparison to a naive approach. In terms of storage, the (t, n)-threshold verification scheme outperforms the naive approach in all settings and it offers lower computation times in most settings.

Typ des Eintrags: Konferenzveröffentlichung
Erschienen: 2015
Autor(en): Mayer, Peter ; Volkamer, Melanie
Art des Eintrags: Bibliographie
Titel: Secure and Efficient Key Derivation in Portfolio Authentication Schemes Using Blakley Secret Sharing
Sprache: Englisch
Publikationsjahr: Dezember 2015
Verlag: ACM
Buchtitel: Proceedings of the 31st Annual Computer Security Applications Conference
Reihe: ACSAC 2015
Veranstaltungsort: Los Angeles, CA, USA
DOI: 10.1145/2818000.2818043
Zugehörige Links:
Kurzbeschreibung (Abstract):

The ubiquitous usage of mobile devices in public spaces increases the risk of falling victim to shoulder surfing attacks, i.e. being observed by others during authentication. A promising approach to mitigating such shoulder surfing risks is portfolio authentication. It requires only an authorized subset of the password as input during each authentication attempt. One open challenge regarding portfolio authentication is how to securely and efficiently verify that a user input is actually an authorized subset of the password. In this paper we propose the (t, n)-threshold verification scheme, a novel scheme using Blakley secret sharing to provide secure verification of all authorized subsets of the password. Due to the lack of a viable alternative, we evaluate the efficiency of the (t, n)-threshold verification scheme in comparison to a naive approach. In terms of storage, the (t, n)-threshold verification scheme outperforms the naive approach in all settings and it offers lower computation times in most settings.

Freie Schlagworte: Security, Usability and Society;Secure Data
ID-Nummer: TUD-CS-2015-1232
Fachbereich(e)/-gebiet(e): 20 Fachbereich Informatik
20 Fachbereich Informatik > SECUSO - Security, Usability and Society
Profilbereiche
Profilbereiche > Cybersicherheit (CYSEC)
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
Hinterlegungsdatum: 28 Jul 2016 18:35
Letzte Änderung: 12 Jan 2019 21:21
PPN:
Export:
Suche nach Titel in: TUfind oder in Google
Frage zum Eintrag Frage zum Eintrag

Optionen (nur für Redakteure)
Redaktionelle Details anzeigen Redaktionelle Details anzeigen