Client-Server Password Recovery

(Extended Abstract)

  • Conference paper
On the Move to Meaningful Internet Systems: OTM 2009 (OTM 2009)

Abstract

Human memory is not perfect – people constantly memorize new facts and forget old ones. One example is forgetting a password, a common problem raised at IT help desks. We present several protocols that allow a user to automatically recover a password from a server using partial knowledge of the password. These protocols can be easily adapted to the personal entropy setting [7], where a user can recover a password only if he can answer a large enough subset of personal questions.

We introduce client-server password recovery methods, in which the recovery data are stored at the server, and the recovery procedures are integrated into the login procedures. These methods apply to two of the most common types of password based authentication systems. The security of these solutions is significantly better than the security of presently proposed password recovery schemes. For our protocols we propose a variation of threshold encryption [5, 8, 16] that might be of independent interest.

References

  1. Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: CCS 1993: Proceedings of the 1st ACM Conference on Computer and Communications Security, pp. 62–73. ACM, New York (1993)

  2. Blakley, G.: Safeguarding cryptographic keys. In: AFIPS Conference Proceedings, June 1979, vol. 48, pp. 313–317 (1979)

  3. Bleichenbacher, D., Nguyen, P.Q.: Noisy polynomial interpolation and noisy Chinese remaindering. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 53–69. Springer, Heidelberg (2000)

  4. Boneh, D.: Finding smooth integers in short intervals using CRT decoding. Journal of Computer and System Sciences 64(4), 768–784 (2002)

  5. Damgård, I., Jurik, M., Nielsen, J.B.: A generalization of Paillier’s public-key system with applications to electronic voting (2003), http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.13.3383

  6. Dodis, Y., Ostrovsky, R., Reyzin, L., Smith, A.: Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. CoRR abs/cs/0602007 (2006), http://arxiv.org/abs/cs/0602007

  7. Ellison, C., Hall, C., Milbert, R., Schneier, B.: Protecting secret keys with personal entropy. Future Generation Computer Systems 16(4), 311–318 (2000)

  8. Fouque, P.-A., Poupard, G., Stern, J.: Sharing decryption in the context of voting or lotteries. In: Frankel, Y. (ed.) FC 2000. LNCS, vol. 1962, pp. 90–104. Springer, Heidelberg (2001)

  9. Frykholm, N., Juels, A.: Error-tolerant password recovery. In: CCS 2001: Proceedings of the 8th ACM Conference on Computer and Communications Security, pp. 1–9. ACM, New York (2001)

  10. Gamal, T.E.: A public key cryptosystem and a signature scheme based on discrete logarithms. In: Blakley, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 10–18. Springer, Heidelberg (1985)

  11. Goldreich, O.: Foundations of Cryptography: Basic Applications, vol. 2. Cambridge University Press, New York (2004)

  12. Kanukurthi, B., Reyzin, L.: An improved robust fuzzy extractor. In: Ostrovsky, R., De Prisco, R., Visconti, I. (eds.) SCN 2008. LNCS, vol. 5229, pp. 156–171. Springer, Heidelberg (2008)

  13. Lipmaa, H.: An oblivious transfer protocol with log-squared communication. In: Zhou, J., López, J., Deng, R.H., Bao, F. (eds.) ISC 2005. LNCS, vol. 3650, pp. 314–328. Springer, Heidelberg (2005)

  14. Naor, M., Pinkas, B.: Oblivious polynomial evaluation. SIAM J. Comput. 35(5), 1254–1281 (2006)

  15. Nisan, N., Ta-Shma, A.: Extracting randomness: a survey and new constructions. J. Comput. Syst. Sci. 58(1), 148–173 (1999)

  16. Schoenmakers, B., Tuyls, P.: Practical two-party computation based on the conditional gate. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 119–136. Springer, Heidelberg (2004)

  17. Shamir, A.: How to share a secret. Communications of the ACM 22(11), 612–613 (1979)

© 2009 Springer-Verlag Berlin Heidelberg

Cite this paper

Chmielewski, Ł., Hoepman, JH., van Rossum, P. (2009). Client-Server Password Recovery. In: Meersman, R., Dillon, T., Herrero, P. (eds) On the Move to Meaningful Internet Systems: OTM 2009. OTM 2009. Lecture Notes in Computer Science, vol 5871. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-05151-7_8

  • DOI: https://doi.org/10.1007/978-3-642-05151-7_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-05150-0

  • Online ISBN: 978-3-642-05151-7

  • eBook Packages: Computer Science, Computer Science (R0)
