
Networked cryptographic devices resilient to capture

  • Regular contribution
International Journal of Information Security

Abstract

We present a simple technique by which a device that performs private key operations (signatures or decryptions) in networked applications, and whose local private key is activated with a password or PIN, can be immunized against offline dictionary attacks in case the device is captured. Our techniques do not assume tamper resistance of the device but rather exploit the networked nature of the device, in that the device’s private key operations are performed using a simple interaction with a remote server. This server, however, is untrusted – its compromise does not reduce the security of the device’s private key unless the device is also captured – and need not have a prior relationship with the device. We further extend this approach with support for key disabling, by which the rightful owner of a stolen device can disable the device’s private key even if the attacker already knows the user’s password.
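The abstract does not give the construction, so the following is an added illustration of the idea it describes, not the paper's own protocol or code: an RSA private exponent is split into a share the device re-derives from the password and a share carried in a sealed ticket that only the untrusted server can open, so a captured device yields nothing to test passwords against offline and a compromised server alone lacks the device-held salt. The tiny textbook RSA modulus, the symmetric sealing key (standing in for the public-key encryption a real deployment would use, which is what removes the need for a prior relationship), and the SHA-256 derivations are all assumptions of this sketch.

```python
import hashlib, hmac, secrets

# Constructed toy RSA key pair (textbook RSA, tiny modulus, illustration only).
P, Q, E = 61, 53, 17
N, PHI = P * Q, (P - 1) * (Q - 1)
D = pow(E, -1, PHI)          # the full private exponent (2753); exists only at setup

def H(tag, *parts):          # domain-separated SHA-256 over the given byte strings
    return hashlib.sha256(tag + b"".join(parts)).digest()

def d2_of(v, pw):            # device's password-derived exponent share (salt v stays on device)
    return int.from_bytes(H(b"d2", v, pw), "big") % PHI

class Server:
    """Untrusted helper: holds a sealing key and the set of disabled tickets."""
    def __init__(self):
        self.key, self.disabled = secrets.token_bytes(32), set()
    def _pad(self, nonce, n):    # counter-mode keystream from the sealing key (stand-in cipher)
        return b"".join(H(self.key, nonce, bytes([i])) for i in range(n // 32 + 1))[:n]
    def seal(self, d1, b, u):    # stand-in for public-key encryption of the ticket to the server
        nonce, body = secrets.token_bytes(16), d1.to_bytes(4, "big") + b + u
        ct = bytes(x ^ y for x, y in zip(body, self._pad(nonce, len(body))))
        return nonce + ct + hmac.new(self.key, nonce + ct, "sha256").digest()
    def open(self, ticket):
        nonce, ct, tag = ticket[:16], ticket[16:-32], ticket[-32:]
        if not hmac.compare_digest(tag, hmac.new(self.key, nonce + ct, "sha256").digest()):
            raise ValueError("forged ticket")
        body = bytes(x ^ y for x, y in zip(ct, self._pad(nonce, len(ct))))
        return int.from_bytes(body[:4], "big"), body[4:36], body[36:]
    def assist(self, ticket, beta, m):   # partial signature, only after the password check
        d1, b, u = self.open(ticket)
        if u in self.disabled or not hmac.compare_digest(beta, b): return None
        return pow(m, d1, N)
    def disable(self, ticket, t):        # owner presents the disabling token t kept off-device
        _, _, u = self.open(ticket)
        if hmac.compare_digest(H(b"dis", t), u):
            self.disabled.add(u)

class Device:
    def __init__(self, server, pw):
        self.server, self.v, self.t = server, secrets.token_bytes(16), secrets.token_bytes(16)
        d1 = (D - d2_of(self.v, pw)) % PHI
        self.ticket = server.seal(d1, H(b"auth", self.v, pw), H(b"dis", self.t))
        # the device retains only v, t, the sealed ticket and the public key (N, E)
    def sign(self, pw, m):               # m is an integer message representative < N
        s1 = self.server.assist(self.ticket, H(b"auth", self.v, pw), m)
        if s1 is None: return None
        s = s1 * pow(m, d2_of(self.v, pw), N) % N
        return s if pow(s, E, N) == m else None   # device checks the combined signature
```

A wrong password is only detectable by the server, so the online guessing rate is whatever the server enforces; nothing on the captured device lets an attacker check guesses locally.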



Author information

Correspondence to Philip MacKenzie or Michael K. Reiter.

Cite this article

MacKenzie, P., Reiter, M. Networked cryptographic devices resilient to capture. IJIS 2, 1–20 (2003). https://doi.org/10.1007/s10207-003-0022-8
