Simple Password-Hardened Encryption Services

Lai RWF, Egger C, Reinert M, Chow SS, Maffei M, Schröder D (2018)


Publication Language: English

Publication Type: Conference contribution, Conference Contribution

Publication year: 2018

Publisher: USENIX Association

City/Town: 2560 Ninth Street, Suite 215 Berkeley, CA 94710 USA

Conference Proceedings Title: 27th USENIX Security Symposium (USENIX Security 18)

Event location: Baltimore, MD US

URI: https://www.usenix.org/conference/usenixsecurity18/presentation/lai

Open Access Link: https://www.usenix.org/conference/usenixsecurity18/presentation/lai

Abstract

A drastically increasing number of data breaches targeted online service providers for user-specific data such as their passwords or credit card number. A natural solution is to use encryption, but decryption is needed often (whenever the service needs to utilize these data) and storing the decryption key along is obviously dangerous.

To address this urgent need for data security, we propose password-hardened encryption (PHE). With the help of an external crypto server, a service provider can recover the user data encrypted by PHE only when an end user supplied a correct password. PHE inherits the security features of password-hardening (Usenix Security '15), adding protection for the user data. In particular, the crypto server does not learn any information about any user data.
More importantly, both the crypto server and the service provider can rotate their secret keys, a proactive security mechanism mandated by the Payment Card Industry Data Security Standard.

We build an extremely simple password-hardened encryption scheme. Compared with the state-of-the-art password-hardening scheme (Usenix Security '17), our scheme only uses minimal number-theoretic operations and is, therefore, 30% - 50% more efficient. In fact, our extensive experimental evaluation demonstrates that our scheme can handle more than 525 encryption and (successful) decryption requests per second per core, which shows that it is lightweight and readily deployable with large-scale systems. Regarding security, our scheme also achieves a stronger soundness property, which puts less trust on the good behavior of the crypto server.

Authors with CRIS profile

Involved external institutions

How to cite

APA:

Lai, R.W.F., Egger, C., Reinert, M., Chow, S.S., Maffei, M., & Schröder, D. (2018). Simple Password-Hardened Encryption Services. In USENIX Association (Eds.), 27th USENIX Security Symposium (USENIX Security 18). Baltimore, MD, US: 2560 Ninth Street, Suite 215 Berkeley, CA 94710 USA: USENIX Association.

MLA:

Lai, Russell W. F., et al. "Simple Password-Hardened Encryption Services." Proceedings of the 27th USENIX Security Symposium (USENIX Security 18), Baltimore, MD Ed. USENIX Association, 2560 Ninth Street, Suite 215 Berkeley, CA 94710 USA: USENIX Association, 2018.

BibTeX: Download