Leakage Resilient Password Systems

This book investigates the tradeoff between security and usability in designing leakage resilient password (LRP) systems and introduces two practical LRP systems named Cover Pad and ShadowKey. It demonstrates that existing LRP systems are subject to both brut



Yingjiu Li • Qiang Yan • Robert H. Deng


SpringerBriefs in Computer Science

Series Editors: Stan Zdonik, Shashi Shekhar, Jonathan Katz, Xindong Wu, Lakhmi C. Jain, David Padua, Xuemin (Sherman) Shen, Borko Furht, V.S. Subrahmanian, Martial Hebert, Katsushi Ikeuchi, Bruno Siciliano, Sushil Jajodia, Newton Lee

More information about this series at http://www.springer.com/series/10028


Yingjiu Li, School of Information Systems, Singapore Management University, Singapore

Qiang Yan, Google, Zurich, Switzerland

Robert H. Deng, School of Information Systems, Singapore Management University, Singapore

ISSN 2191-5768
ISSN 2191-5776 (electronic)
SpringerBriefs in Computer Science
ISBN 978-3-319-17502-7
ISBN 978-3-319-17503-4 (eBook)
DOI 10.1007/978-3-319-17503-4
Library of Congress Control Number: 2015936731

Springer Cham Heidelberg New York Dordrecht London
© The Author(s) 2015

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.

The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.

The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, express or implied, with respect to the material contained herein or for any errors or omissions that may have been made.

Printed on acid-free paper

Springer International Publishing AG Switzerland is part of Springer Science+Business Media (www.springer.com)

Preface

The design of leakage resilient password (LRP) systems in the absence of any trusted devices for unaided users remains a challenging problem despite two decades of intensive research in the security community. The first chapter of this book investigates the inherent tradeoff between security and usability in designing LRP systems. It is demonstrated that most of the existing LRP systems are subject to two types of generic attacks, brute force attacks and statistical attacks, and that these attacks cannot be effectively mitigated without sacrificing the usability of LRP systems. A quantitative analysis framework is introduced for the usability of LRP systems, in which the authentication process is decomposed into atomic cognitive operations in psychology. It is concluded that a secure LRP system in pra