Simple Password-Hardened Encryption Services

Beitrag bei einer Tagung
(Konferenzbeitrag)


Details zur Publikation

Autorinnen und Autoren: Lai RWF, Egger C, Reinert M, Chow SS, Maffei M, Schröder D
Herausgeber: USENIX Association
Verlag: USENIX Association
Verlagsort: 2560 Ninth Street, Suite 215
Berkeley, CA 94710
USA

Jahr der Veröffentlichung: 2018
Tagungsband: 27th USENIX Security Symposium (USENIX Security 18)
Sprache: Englisch


Abstract

A drastically increasing number of data breaches targeted online service providers for user-specific data such as their passwords or credit card number. A natural solution is to use encryption, but decryption is needed often (whenever the service needs to utilize these data) and storing the decryption key along is obviously dangerous.

To address this urgent need for data security, we propose password-hardened encryption (PHE). With the help of an external crypto server, a service provider can recover the user data encrypted by PHE only when an end user supplied a correct password. PHE inherits the security features of password-hardening (Usenix Security '15), adding protection for the user data. In particular, the crypto server does not learn any information about any user data.
More importantly, both the crypto server and the service provider can rotate their secret keys, a proactive security mechanism mandated by the Payment Card Industry Data Security Standard.

We build an extremely simple password-hardened encryption scheme. Compared with the state-of-the-art password-hardening scheme (Usenix Security '17), our scheme only uses minimal number-theoretic operations and is, therefore, 30% - 50% more efficient. In fact, our extensive experimental evaluation demonstrates that our scheme can handle more than 525 encryption and (successful) decryption requests per second per core, which shows that it is lightweight and readily deployable with large-scale systems. Regarding security, our scheme also achieves a stronger soundness property, which puts less trust on the good behavior of the crypto server.


FAU-Autorinnen und Autoren / FAU-Herausgeberinnen und Herausgeber

Egger, Christoph
Lehrstuhl für Informatik 13 (Angewandte Kryptographie)
Lai, Russell W. F.
Lehrstuhl für Informatik 13 (Angewandte Kryptographie)
Schröder, Dominique Prof. Dr.
Lehrstuhl für Informatik 13 (Angewandte Kryptographie)


Einrichtungen weiterer Autorinnen und Autoren

Universität des Saarlandes (UdS)


Zitierweisen

APA:
Lai, R.W.F., Egger, C., Reinert, M., Chow, S.S., Maffei, M., & Schröder, D. (2018). Simple Password-Hardened Encryption Services. In USENIX Association (Eds.), 27th USENIX Security Symposium (USENIX Security 18). Baltimore, MD, US: 2560 Ninth Street, Suite 215 Berkeley, CA 94710 USA: USENIX Association.

MLA:
Lai, Russell W. F., et al. "Simple Password-Hardened Encryption Services." Proceedings of the 27th USENIX Security Symposium (USENIX Security 18), Baltimore, MD Ed. USENIX Association, 2560 Ninth Street, Suite 215 Berkeley, CA 94710 USA: USENIX Association, 2018.

BibTeX: 

Zuletzt aktualisiert 2018-03-10 um 15:10