Strengthening Public Key Authentication Against Key Theft (Short Paper)
Authentication protocols based on an asymmetric keypair provide strong authentication as long as the private key remains secret, but may fail catastrophically if the private key is lost or stolen. Even when encrypted with a password, stolen key material is susceptible to offline brute-force attacks. In this paper we demonstrate a method for rate-limiting password guesses on stolen key material, without requiring special hardware or changes to servers. By slowing down offline attacks and enabling easy key revocation our algorithm reduces the risk of key compromise, even if a low-entropy password is used.
KeywordsAuthentication Protocol Stream Cipher Replay Attack Client Device Channel Binding
We thank Alastair R. Beresford and the reviewers for their helpful feedback.
- 1.Altman, J., Williams, N., Zhu, L.: Channel bindings for TLS. IETF RFC 5929, July 2010Google Scholar
- 2.Boneh, D., Ding, X., Tsudik, G., Wong, C.M.: A method for fast revocation of public key certificates and security capabilities. In: Proceedings of the 10th USENIX Security Symposium, pp. 297–308, August 2001Google Scholar
- 3.Dierks, T., Rescorla, E.: The Transport Layer Security (TLS) protocol version 1.2. Network Working Group RFC 5246, August 2008Google Scholar
- 4.Dietz, M., Czeskis, A., Balfanz, D., Wallach, D.S.: Origin-bound certificates: a fresh approach to strong client authentication for the web. In: 21st USENIX Security Symposium, pp. 317–332, August 2012Google Scholar
- 5.Jonsson, J., Kaliski, B.: Public-key cryptography standards (PKCS) #1: RSA cryptography specifications version 2.1. Network Working Group RFC 3447, February 2003Google Scholar
- 6.Kutyłowski, M., Kubiak, P., Tabor, M., Wachnik, D.: Mediated RSA cryptography specification for additive private key splitting (mRSAA). IETF Internet Draft, November 2012Google Scholar
- 7.Lipmaa, H., Rogaway, P., Wagner, D.: Comments to NIST concerning AES modes of operations: CTR-mode encryption, September 2000Google Scholar
- 8.Parsovs, A.: Practical issues with TLS client certificate authentication. In: Network and Distributed System Security Symposium (NDSS), February 2014Google Scholar
- 9.Percival, C.: Stronger key derivation via sequential memory-hard functions. BSDCan 2009, May 2009Google Scholar
- 10.Srinivas, S., Balfanz, D., Tiffany, E., Czeskis, A.: Universal 2nd factor (U2F) overview. FIDO Alliance Proposed Standard, May 2015Google Scholar
- 11.Ylonen, T., Lonvick, C.: The Secure Shell (SSH) authentication protocol. Network Working Group RFC 4252, January 2006Google Scholar