抵抗恶意服务器的口令增强加密方案

Journal article (2023)

Authors

Yi Zhao Chang'an University

Hang Liu Chang'an University

K. Liang

Yang Ming Chang'an University

Xiang Mo Zhao Chang'an University

Bo Yang Shaanxi Normal University

Algorithm substitution attack Malicious server Password hardening encryption (PHE) Undetectable

To reference this document use:

http://resolver.tudelft.nl/uuid:d896a492-b061-4536-b246-daf90abcf866

More Info

expand_more

Published Date

2023

Language

Chinese

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Abstract

Password hardening encryption (PHE) is an emerging primitive in recent years. It can resist offline attack brought by keyword guessing attack from server via adding a third party with crypto services joining the decryption process. This primitive enhances the password authentication protocol and adds encryption functionality. This paper presents an active attack from server in the first scheme that introduced this primitive. This attack combines the idea from a cutting-edge threat called algorithm substitution attack which is undetectable and makes the server capable of launching offline attack. This result shows that the original PHE scheme can not resist attacks from malicious server. Then this study tries to summarize the property that an algorithm substitution attack resistant scheme should have. After that this paper presents a PHE scheme that can resist such kind of attacks from malicious server with simulation results. Finally, this study concludes the result and gives some expectation for future systematic research on interactive protocols under algorithm substitution attack.

Files

6440.pdf

(.pdf | 8.75 Mb)

- Embargo expired in 22-08-2024