دورية أكاديمية
A Password Meter without Password Exposure
| العنوان: | A Password Meter without Password Exposure |
|---|---|
| المؤلفون: | Pyung Kim, Younho Lee, Youn-Sik Hong, Taekyoung Kwon |
| المصدر: | Sensors, Vol 21, Iss 2, p 345 (2021) |
| بيانات النشر: | MDPI AG, 2021. |
| سنة النشر: | 2021 |
| المجموعة: | LCC:Chemical technology |
| مصطلحات موضوعية: | authentication, privacy, computer security, network security, cryptography, Chemical technology, TP1-1185 |
| الوصف: | To meet password selection criteria of a server, a user occasionally needs to provide multiple choices of password candidates to an on-line password meter, but such user-chosen candidates tend to be derived from the user’s previous passwords—the meter may have a high chance to acquire information about a user’s passwords employed for various purposes. A third party password metering service may worsen this threat. In this paper, we first explore a new on-line password meter concept that does not necessitate the exposure of user’s passwords for evaluating user-chosen password candidates in the server side. Our basic idea is straightforward; to adapt fully homomorphic encryption (FHE) schemes to build such a system but its performance achievement is greatly challenging. Optimization techniques are necessary for performance achievement in practice. We employ various performance enhancement techniques and implement the NIST (National Institute of Standards and Technology) metering method as seminal work in this field. Our experiment results demonstrate that the running time of the proposed meter is around 60 s in a conventional desktop server, expecting better performance in high-end hardware, with an FHE scheme in HElib library where parameters support at least 80-bit security. We believe the proposed method can be further explored and used for a password metering in case that password secrecy is very important—the user’s password candidates should not be exposed to the meter and also an internal mechanism of password metering should not be disclosed to users and any other third parties. |
| نوع الوثيقة: | article |
| وصف الملف: | electronic resource |
| اللغة: | English |
| تدمد: | 21020345 1424-8220 |
| Relation: | https://www.mdpi.com/1424-8220/21/2/345; https://doaj.org/toc/1424-8220 |
| DOI: | 10.3390/s21020345 |
| URL الوصول: | https://doaj.org/article/7918ce6b11614b3e800b9054b3a197e7 |
| رقم الأكسشن: | edsdoj.7918ce6b11614b3e800b9054b3a197e7 |
| قاعدة البيانات: | Directory of Open Access Journals |
Full Text Finder | تدمد: | 21020345 14248220 |
|---|---|
| DOI: | 10.3390/s21020345 |