JIS Vol.7 No.3, April 2016
Passwords Management via Split-Key
Abstract: This paper proposes a scheme for password management by storing password encryptions on a server. The method involves having the encryption key split into a share for the user and one for the server. The user’s share shall be based solely on a selected passphrase. The server’s share shall be generated from the user’s share and the encryption key. The security and trust are achieved by performing both encryption and decryption on the client side. We also address the issue of countering dictionary attacks by providing a further enhancement of the scheme.
Cite this paper: Giuliani, K. , Murty, V. and Xu, G. (2016) Passwords Management via Split-Key. Journal of Information Security, 7, 206-214. doi: 10.4236/jis.2016.73016.
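The key split described in the abstract can be sketched as follows. This is an added example, not code from the paper: the abstract does not say how the shares are combined or derived, so the XOR combination, the PBKDF2 derivation, the salt, the key size and all function names here are assumptions.

```python
import hashlib
import secrets

KEY_LEN = 32             # assumed 256-bit encryption key
PBKDF2_ROUNDS = 100_000  # assumed work factor for the passphrase derivation


def user_share(passphrase: str, salt: bytes) -> bytes:
    """User's share: derived solely from the passphrase (plus a public salt)."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                               salt, PBKDF2_ROUNDS, dklen=KEY_LEN)


def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("shares must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def enroll(passphrase: str):
    """Client side. Returns the encryption key and the record sent to the server.

    The server's share is generated from the user's share and the key;
    the server never sees the key or the passphrase.
    """
    key = secrets.token_bytes(KEY_LEN)
    salt = secrets.token_bytes(16)
    record = {"salt": salt, "server_share": xor(key, user_share(passphrase, salt))}
    return key, record


def recover_key(passphrase: str, record: dict) -> bytes:
    """Client side: recombine both shares to obtain the encryption key."""
    return xor(user_share(passphrase, record["salt"]), record["server_share"])


def change_passphrase(old: str, new: str, record: dict) -> dict:
    """Re-split the same key under a new passphrase; stored ciphertexts
    stay valid because the encryption key itself does not change."""
    key = recover_key(old, record)
    salt = secrets.token_bytes(16)
    return {"salt": salt, "server_share": xor(key, user_share(new, salt))}
```

Nothing in the server record lets the client detect a wrong passphrase at this step; it simply recombines to a different key, and the failure only shows up when decryption is attempted.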