TU Darmstadt / ULB / TUbiblio

Secure and Efficient Key Derivation in Portfolio Authentication Schemes Using Blakley Secret Sharing

Mayer, Peter and Volkamer, Melanie (2015):
Secure and Efficient Key Derivation in Portfolio Authentication Schemes Using Blakley Secret Sharing.
In: Proceedings of the 31st Annual Computer Security Applications Conference, ACM, Los Angeles, CA, USA, In: ACSAC 2015, ISBN 978-1-4503-3682-6,
DOI: 10.1145/2818000.2818043,
[Conference or Workshop Item]

Abstract

The ubiquitous usage of mobile devices in public spaces increases the risk of falling victim to shoulder surfing attacks, i.e. being observed by others during authentication. A promising approach to mitigating such shoulder surfing risks is portfolio authentication. It requires only an authorized subset of the password as input during each authentication attempt. One open challenge regarding portfolio authentication is how to securely and efficiently verify that a user input is actually an authorized subset of the password. In this paper we propose the (t, n)-threshold verification scheme, a novel scheme using Blakley secret sharing to provide secure verification of all authorized subsets of the password. Due to the lack of a viable alternative, we evaluate the efficiency of the (t, n)-threshold verification scheme in comparison to a naive approach. In terms of storage, the (t, n)-threshold verification scheme outperforms the naive approach in all settings and it offers lower computation times in most settings.

Item Type: Conference or Workshop Item
Erschienen: 2015
Creators: Mayer, Peter and Volkamer, Melanie
Title: Secure and Efficient Key Derivation in Portfolio Authentication Schemes Using Blakley Secret Sharing
Language: English
Abstract:

The ubiquitous usage of mobile devices in public spaces increases the risk of falling victim to shoulder surfing attacks, i.e. being observed by others during authentication. A promising approach to mitigating such shoulder surfing risks is portfolio authentication. It requires only an authorized subset of the password as input during each authentication attempt. One open challenge regarding portfolio authentication is how to securely and efficiently verify that a user input is actually an authorized subset of the password. In this paper we propose the (t, n)-threshold verification scheme, a novel scheme using Blakley secret sharing to provide secure verification of all authorized subsets of the password. Due to the lack of a viable alternative, we evaluate the efficiency of the (t, n)-threshold verification scheme in comparison to a naive approach. In terms of storage, the (t, n)-threshold verification scheme outperforms the naive approach in all settings and it offers lower computation times in most settings.

Title of Book: Proceedings of the 31st Annual Computer Security Applications Conference
Series Name: ACSAC 2015
Publisher: ACM
ISBN: 978-1-4503-3682-6
Uncontrolled Keywords: Security, Usability and Society;Secure Data
Divisions: 20 Department of Computer Science
20 Department of Computer Science > SECUSO - Security, Usability and Society
Profile Areas
Profile Areas > Cybersecurity (CYSEC)
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
Event Location: Los Angeles, CA, USA
Date Deposited: 28 Jul 2016 18:35
DOI: 10.1145/2818000.2818043
Identification Number: TUD-CS-2015-1232
Related URLs:
Export:
Suche nach Titel in: TUfind oder in Google

Optionen (nur für Redakteure)

View Item View Item