Strengthening Public Key Authentication Against Key Theft (Short Paper)

  • Martin Kleppmann
  • Conrad Irwin
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9551)


Authentication protocols based on an asymmetric keypair provide strong authentication as long as the private key remains secret, but may fail catastrophically if the private key is lost or stolen. Even when encrypted with a password, stolen key material is susceptible to offline brute-force attacks. In this paper we demonstrate a method for rate-limiting password guesses on stolen key material, without requiring special hardware or changes to servers. By slowing down offline attacks and enabling easy key revocation our algorithm reduces the risk of key compromise, even if a low-entropy password is used.


Keywords: Authentication Protocol, Stream Cipher, Replay Attack, Client Device, Channel Binding



We thank Alastair R. Beresford and the reviewers for their helpful feedback.



Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. Computer Laboratory, University of Cambridge, Cambridge, UK
  2. Superhuman Labs, San Francisco, USA
