Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Strengthening public key authentication against key theft

Martin Kleppmann
December 09, 2015
Research
3
1.3k

Strengthening public key authentication against key theft

Slides from my talk presented at the 9th International Conference on Passwords (Passwords15), Cambridge, UK, 9 December 2015.
Paper: http://martin.kleppmann.com/papers/mrsa-pass15.pdf
Conference website: http://www.cl.cam.ac.uk/events/passwords2015/

Abstract:

Authentication protocols based on an asymmetric keypair provide strong authentication as long as the private key remains secret, but may fail catastrophically if the private key is lost or stolen. Even when encrypted with a password, stolen key material is susceptible to offline brute-force attacks. In this paper we demonstrate a method for rate-limiting password guesses on stolen key material, without requiring special hardware or changes to servers. By slowing down offline attacks and enabling easy key revocation our algorithm reduces the risk of key compromise, even if a low-entropy password is used.

Martin Kleppmann

December 09, 2015
Tweet

More Decks by Martin Kleppmann

See All by Martin Kleppmann
Collaborative editing through a databases lens
ept
0
1.6k
Making CRDTs Byzantine fault tolerant
ept
0
1.3k
Protecting user agency with local-first software
ept
0
560
Automerge: a new foundation for collaboration software
ept
1
500
Byzantine Eventual Consistency and the Fundamental Limits of Peer-to-peer Databases
ept
1
190
Harm reduction for cryptographic backdoors
ept
0
180
Thinking in Events: From Databases to Distributed Collaboration Software
ept
0
18k
Automerge: A new foundation for collaboration software
ept
1
2.3k
CRDTs: The Hard Parts
ept
3
56k

Other Decks in Research

See All in Research
Bridging the Gap: AI Research and Real-World Deployment in AI Companies
shurain
0
310
カスタマーサクセス白書2023 〜営業とカスタマーサクセスの協業で実現するLTV最大化 〜
hicustomer
0
790
CSC570 Lecture 05
javiergs
PRO
0
110
SRv6 Mobile User Plane(MUP) の紹介とMUP-BGPのOSS実装における相互接続性について
takehaya
1
200
NLP2023 分類タスクにおける不確実性の高い文章の傾向調査
masatoto
0
270
機械学習にもう一歩踏み込むための『最適輸送の理論とアルゴリズム』
joisino
3
660
第二回 3Dなんでも勉強会
ooshita
0
310
20230326AJGEOG_GIS
tosseto
0
130
ChatGPTとの付き合い方
hiroshinakagawa
2
2.9k
【論文紹介】Google. 2023. PaLM 2 Technical Report
chokkan
PRO
9
4.6k
TOSHIATE:実在都市をコースとした都市当てレースゲーム / i2023-TOSHIATE
yumulab
0
170
Introduction of NII Shoichi Koyama's Lab (FY2023)
sh01k
0
150

Featured

See All Featured
Creatively Recalculating Your Daily Design Routine
revolveconf
207
11k
StorybookのUI Testing Handbookを読んだ
zakiyama
9
3.5k
Making the Leap to Tech Lead
cromwellryan
118
7.8k
Building Your Own Lightsaber
phodgson
96
5k
Raft: Consensus for Rubyists
vanstee
130
5.8k
Support Driven Design
roundedbygravity
88
9k
How GitHub Uses GitHub to Build GitHub
holman
466
280k
Debugging Ruby Performance
tmm1
68
11k
Designing on Purpose - Digital PM Summit 2013
jponch
108
6k
Automating Front-end Workflow
addyosmani
1352
200k
Producing Creativity
orderedlist
PRO
335
38k
Web Components: a chance to create the future
zenorocha
304
41k

Transcript

  1. View Slide

  2. View Slide

  3. View Slide

  4. View Slide

  5. View Slide

  6. View Slide

  7. View Slide

  8. View Slide

  9. View Slide

  10. View Slide

  11. View Slide

  12. View Slide

  13. View Slide

  14. View Slide

  15. View Slide

  16. View Slide

  17. View Slide

  18. View Slide

  19. View Slide

  20. View Slide

  21. View Slide

  22. View Slide

  23. View Slide

  24. View Slide

  25. View Slide

  26. View Slide

  27. View Slide

  28. View Slide

  29. View Slide

  30. View Slide

  31. View Slide

  32. View Slide

  33. View Slide

  34. View Slide

  35. View Slide

  36. View Slide

  37. View Slide

  38. View Slide

  39. View Slide

  40. View Slide

  41. View Slide

  42. View Slide

  43. View Slide

  44. View Slide

  45. View Slide

  46. View Slide

  47. View Slide

  48. View Slide

  49. View Slide

  50. View Slide

  51. View Slide

  52. 1.  Dan Boneh, Xuhua Ding, Gene Tsudik, and Chi Ming Wong: “A Method for Fast Revocation of Public
    Key Certificates and Security Capabilities,” at 10th USENIX Security Symposium, August 2001.
    2.  Mirosław Kutyłowski, Przemysław Kubiak, Michał Tabor, and Daniel Wachnik: “Mediated RSA
    cryptography specification for additive private key splitting (mRSAA),” IETF Internet Draft, November
    2012. https://tools.ietf.org/html/draft-kutylowski-mrsa-algorithm-03
    3.  J. Jonsson and B. Kaliski: “Public-Key Cryptography Standards (PKCS) #1: RSA cryptography
    specifications version 2.1”. Network Working Group RFC 3447, Feb 2003.
    4.  Sampath Srinivas, Dirk Balfanz, Eric Tiffany, and Alexei Czeskis: “Universal 2nd factor (U2F) overview”.
    FIDO Alliance Proposed Standard, May 2015. https://fidoalliance.org/specs/fido-u2f-v1.0-nfc-bt-
    amendment-20150514/fido-u2f-overview.html
    5.  T. Ylonen and C. Lonvick: “The Secure Shell (SSH) authentication protocol”. Network Working Group
    RFC 4252, Jan 2006.

    View Slide

  53. View Slide