[go: up one dir, main page]

What a lovely hat

Is it made out of tin foil?

Paper 2024/1912

Universally Composable and Reliable Password Hardening Services

Shaoqiang Wu, Nankai University
Ding Wang, Nankai University
Abstract

The password-hardening service (PH) is a crypto service that armors canonical password authentication with an external key against offline password guessing in case the password file is somehow compromised/leaked. The game-based formal treatment of PH was brought by Everspaugh et al. at USENIX Security'15. Their work is followed by efficiency-enhancing PO-COM (CCS'16), security-patching Phoenix (USENIX Security'17), and functionality-refining PW-Hero (SRDS'22). However, the issue of single points of failure (SPF) inherently impairs the availability of these PH schemes. More specifically, the failure of a single PH server responsible for crypto computation services will suspend password authentication for all users. We propose the notion of reliable PH, which improves the availability of PH by eliminating SPF. We present a modular PH construction, TF-PH, essentially a generic compiler that can transform any PH protocol into a reliable one without SPF via introducing threshold failover. Particularly, we propose a concrete reliable PH protocol, called TF-RePhoenix, a simple and efficient construction with RePhoenix (which improves over Phoenix at USENIX Security'17) as the PH module. Security is proven within the universally composable (UC) security framework and the random oracle model (ROM), where we, for the first time, formalize the ideal UC functionalities of PH and reliable PH. We comparatively evaluate the efficiency of our TF-PH with the canonical threshold method (taken as an example, the threshold solution introduced by Brost et al. at CCS'20 in a PH-derived domain -- password-hardened encryption). Results show that our threshold failover-based solution to SPF provides optimal performance and achieves failover in a millisecond.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
AuthenticationPassword hardeningSingle points of failureUC
Contact author(s)
wushaoqiang @ mail nankai edu cn
wangding @ nankai edu cn
History
2024-12-03: last of 2 revisions
2024-11-25: received
See all versions
Short URL
https://ia.cr/2024/1912
License
Creative Commons Attribution-NonCommercial-ShareAlike
CC BY-NC-SA

BibTeX

@misc{cryptoeprint:2024/1912,
      author = {Shaoqiang Wu and Ding Wang},
      title = {Universally Composable and Reliable Password Hardening Services},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1912},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1912}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.