Commenced in January 2007
Frequency: Monthly
Edition: International
Paper Count: 32759
Secure Secret Recovery by using Weighted Personal Entropy

Authors: Leau Y. B., Dinna Nina M. N., Habeeb S. A. H., Jetol B.

Abstract:

Authentication plays a vital role in many secure systems. Most of these systems require user to log in with his or her secret password or pass phrase before entering it. This is to ensure all the valuables information is kept confidential guaranteeing also its integrity and availability. However, to achieve this goal, users are required to memorize high entropy passwords or pass phrases. Unfortunately, this sometimes causes difficulty for user to remember meaningless strings of data. This paper presents a new scheme which assigns a weight to each personal question given to the user in revealing the encrypted secrets or password. Concentration of this scheme is to offer fault tolerance to users by allowing them to forget the specific password to a subset of questions and still recover the secret and achieve successful authentication. Comparison on level of security for weight-based and weightless secret recovery scheme is also discussed. The paper concludes with the few areas that requires more investigation in this research.

Keywords: Secret Recovery, Personal Entropy, Cryptography, Secret Sharing and Key Management.

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1076502

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1910

References:


[1] Adi Shamir, "How to Share a Secret" Communications of the ACM, vol. 22, no. 11, 1979.
[2] Amos Beimel, Tamir Tassa and Enav Wienreb, "Characterizing Ideal Weighted Threshold Secret Sharing", The proceedings of the Second Theory of Cryptography Conference (TCC), 2005, pp. 600-619.
[3] Ari Juels and Martin Wattenberg, "A Fuzzy Commitment Scheme", 5th ACM Conference on Computer and Communication Security, 1999, pp. 28- 36.
[4] C. Ellison, C. Hall, R.Milbert and B.Schneier, "Protecting Secret Keys with Personal Entropy", Future Generation Computer Systems, vol. 16, pp. 311-318, 2000.
[5] Charles Miller, "Password Recovery", GNU, Free Software Foundation, 2002.
[6] Daniel Bleichenbacher and Phong Q. Nguyen, "Noisy Polynomial Interpolation and Noisy Chinese Remaindering", Proceedings of Eurocrypt 2000: LNCS 1807, 2000, pp. 53-69
[7] Ernest F. Brickell, "Some Ideal Secret Sharing Schemes", Journal of Combinatorial Mathematics and Combinatorial Computing, vol. 6, pp. 105-113, 1989
[8] Gustavus J. Simmons, "How To (really) Share A Secret", CRYPTO 88, volume 403 of LNCS, 1990, pp. 390-448.
[9] G. R. Blakley, "Safeguarding Cryptographic Keys", AFIPS 1979 National Computer Conference Proceedings, 1979, pp. 313-317.
[10] Hal Abelson and Ross Anderson, The Risks of Key Recovery, Key Escrow, Trusted Third Party and Encryption, Report by an Ad Hoc Group of Cryptographers and Computer Scientists, 1998.
[11] Julie E. Kendall and Kenneth E. Kendall, System Analysis and Design, Sixth edition, US: Pearson Prentice Hall, 2005.
[12] K. McCurley, "A Key Distribution System Equivalent to Factoring", Journal of Cryptology, vol. 1, pp. 85- 105, 1988.
[13] Kooshiar Azimian and Javad Mohajeri, A Verifiable Partial Key Escrow, Based on McCurley Encryption Scheme, Electronic Colloquium on Computational Complexity, ECCC Report TR05-078, 2005.
[14] Lawrence O-Gorman, Amit Bagga and Jon Bentley, "Call Center Customer Verification by Query-Directed Passwords", Financial Cryptography: 8th International Conference (FC), 2004, pp. 54-67.
[15] Manezes A.J, Van oorschot P.C and Vanstone S.A, Handbook of Applied Cryptography, Boca Raton, CRC Press, 1998.
[16] M. Ito, A. Saito and T. Nishizeki, "Secret Sharing Schemes Realizing General Access Structure", Proceedings of IEEE Globecom, 1987, pp. 99-102.
[17] Niklas Frykholm and Ari Juels, "Error-Tolerant Password Recovery", Proceedings ACM Conference of Computer and Communications Security, 2001, pp. 1-8.
[18] Z. Shmuley, Diffie-Hellman Public-Key Generating Systems Are Hard To Break. Technical Report No.356, Computer Science Department, Technion, Israel, 1985.
[19] E. D. Karnin, J. W. Greene and M. E. Hellman, "On Secret Sharing Systems", IEEE Trans. on Information Theory, vol. 29(1), pp. 35-41.
[20] Taylor-Powell, E. "Questionnaire Design Asking Questions with A Purpose", University of Wisconsin Extension, 1998.