Strengthening Public Key Authentication Against Key Theft (Short Paper)

  • Conference paper
Technology and Practice of Passwords (PASSWORDS 2015)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9551)

Abstract

Authentication protocols based on an asymmetric keypair provide strong authentication as long as the private key remains secret, but may fail catastrophically if the private key is lost or stolen. Even when encrypted with a password, stolen key material is susceptible to offline brute-force attacks. In this paper we demonstrate a method for rate-limiting password guesses on stolen key material, without requiring special hardware or changes to servers. By slowing down offline attacks and enabling easy key revocation, our algorithm reduces the risk of key compromise, even if a low-entropy password is used.

Acknowledgements

We thank Alastair R. Beresford and the reviewers for their helpful feedback.

Author information

Corresponding author

Correspondence to Martin Kleppmann.

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Kleppmann, M., Irwin, C. (2016). Strengthening Public Key Authentication Against Key Theft (Short Paper). In: Stajano, F., Mjølsnes, S.F., Jenkinson, G., Thorsheim, P. (eds) Technology and Practice of Passwords. PASSWORDS 2015. Lecture Notes in Computer Science, vol 9551. Springer, Cham. https://doi.org/10.1007/978-3-319-29938-9_9

  • DOI: https://doi.org/10.1007/978-3-319-29938-9_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-29937-2

  • Online ISBN: 978-3-319-29938-9

  • eBook Packages: Computer Science, Computer Science (R0)
