Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Strengthening public key authentication against key theft

Martin Kleppmann
December 09, 2015

Strengthening public key authentication against key theft

Slides from my talk presented at the 9th International Conference on Passwords (Passwords15), Cambridge, UK, 9 December 2015.
Paper: http://martin.kleppmann.com/papers/mrsa-pass15.pdf
Conference website: http://www.cl.cam.ac.uk/events/passwords2015/


Authentication protocols based on an asymmetric keypair provide strong authentication as long as the private key remains secret, but may fail catastrophically if the private key is lost or stolen. Even when encrypted with a password, stolen key material is susceptible to offline brute-force attacks. In this paper we demonstrate a method for rate-limiting password guesses on stolen key material, without requiring special hardware or changes to servers. By slowing down offline attacks and enabling easy key revocation our algorithm reduces the risk of key compromise, even if a low-entropy password is used.

Martin Kleppmann

December 09, 2015

More Decks by Martin Kleppmann

Other Decks in Research


  1. View Slide

  2. View Slide

  3. View Slide

  4. View Slide

  5. View Slide

  6. View Slide

  7. View Slide

  8. View Slide

  9. View Slide

  10. View Slide

  11. View Slide

  12. View Slide

  13. View Slide

  14. View Slide

  15. View Slide

  16. View Slide

  17. View Slide

  18. View Slide

  19. View Slide

  20. View Slide

  21. View Slide

  22. View Slide

  23. View Slide

  24. View Slide

  25. View Slide

  26. View Slide

  27. View Slide

  28. View Slide

  29. View Slide

  30. View Slide

  31. View Slide

  32. View Slide

  33. View Slide

  34. View Slide

  35. View Slide

  36. View Slide

  37. View Slide

  38. View Slide

  39. View Slide

  40. View Slide

  41. View Slide

  42. View Slide

  43. View Slide

  44. View Slide

  45. View Slide

  46. View Slide

  47. View Slide

  48. View Slide

  49. View Slide

  50. View Slide

  51. View Slide

  52. 1.  Dan Boneh, Xuhua Ding, Gene Tsudik, and Chi Ming Wong: “A Method for Fast Revocation of Public
    Key Certificates and Security Capabilities,” at 10th USENIX Security Symposium, August 2001.
    2.  Mirosław Kutyłowski, Przemysław Kubiak, Michał Tabor, and Daniel Wachnik: “Mediated RSA
    cryptography specification for additive private key splitting (mRSAA),” IETF Internet Draft, November
    2012. https://tools.ietf.org/html/draft-kutylowski-mrsa-algorithm-03
    3.  J. Jonsson and B. Kaliski: “Public-Key Cryptography Standards (PKCS) #1: RSA cryptography
    specifications version 2.1”. Network Working Group RFC 3447, Feb 2003.
    4.  Sampath Srinivas, Dirk Balfanz, Eric Tiffany, and Alexei Czeskis: “Universal 2nd factor (U2F) overview”.
    FIDO Alliance Proposed Standard, May 2015. https://fidoalliance.org/specs/fido-u2f-v1.0-nfc-bt-
    5.  T. Ylonen and C. Lonvick: “The Secure Shell (SSH) authentication protocol”. Network Working Group
    RFC 4252, Jan 2006.

    View Slide

  53. View Slide