ABSTRACT
Including electronic identities (eIDs), such as passports or driving licenses, in smartphones turns the phone into a single point of failure: loss, theft, or malfunction would leave users unable even to identify themselves, e.g. during travel. A secure backup of such identity data is therefore paramount, and an obvious solution is to store encrypted backups on cloud servers. The critical challenge, however, is how a user decrypts the encrypted backup once the device is lost or stolen and there is no longer a secure storage (e.g. the smartphone) in which to keep the secret key. To address this, Password-Protected Secret Sharing (PPSS) schemes have been proposed, which allow a user to distribute a secret key among n servers such that the user can later reconstruct it from a password. Unfortunately, PPSS schemes are not appropriate for some applications: users are highly unlikely to remember a cryptographically strong password at the moment the smartphone is lost, and the schemes still suffer from inefficiency. In this paper, we propose a new secret key reconstruction protocol based on recently popular PPSS schemes combined with a fuzzy extractor, which allows a client to recover secret keys from an only partially trusted server and an auxiliary device using multiple key shares and a biometric identifier. We prove the security of the proposed protocol in the random oracle model, where the parties can be corrupted separately at any time. An initial performance analysis shows that it is efficient for this use case.
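As an added worked example (not code from the paper, whose protocol this page does not reproduce), the following Python sketch wires together the two building blocks the abstract names: Shamir secret sharing [Shamir 1979] over a prime field and a code-offset fuzzy extractor [Dodis et al. 2008] built from a repetition code. The storage split (a biometric-masked share at the server together with the public helper data, a second share and a key-confirmation tag on the auxiliary device), the field size, the repetition code, the SHA-256 extractor and the confirmation tag are all assumptions for illustration, not the paper's construction.

```python
"""Added example (not from the paper): Shamir secret sharing [Shamir 1979]
and a code-offset fuzzy extractor [Dodis et al. 2008] combined into a toy
backup-key recovery flow. All parameters (field size, repetition code,
hash-based extractor, key-confirmation tag) are assumptions for illustration."""
import hashlib
import secrets

P = 2**127 - 1   # prime field for Shamir shares (assumed toy size)
R_REP = 5        # repetition-code length: tolerates < R_REP/2 flips per block


def shamir_split(secret, n, t):
    """Split secret into n shares over GF(P); any t of them reconstruct it."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    poly = lambda x: sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
    return [(x, poly(x)) for x in range(1, n + 1)]


def shamir_reconstruct(shares):
    """Lagrange interpolation at x = 0 over GF(P)."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, P - 2, P)) % P
    return secret


def _xor_bits(a, b):
    return format(int(a, 2) ^ int(b, 2), f"0{len(a)}b")


def fe_gen(w):
    """Gen(w) -> (R, helper): R is the extracted key, helper is public."""
    if len(w) % R_REP:
        raise ValueError("template length must be a multiple of R_REP")
    k = len(w) // R_REP
    codeword = "".join(bit * R_REP for bit in format(secrets.randbits(k), f"0{k}b"))
    sketch = _xor_bits(w, codeword)          # secure sketch s = w XOR c
    seed = secrets.token_bytes(16)           # extractor seed (hash as RO)
    R = hashlib.sha256(seed + w.encode()).digest()
    return R, (sketch, seed)


def fe_rep(w_prime, helper):
    """Rep(w', helper) -> R. Correct iff every block has < R_REP/2 flips."""
    sketch, seed = helper
    noisy = _xor_bits(w_prime, sketch)       # = c XOR (w XOR w')
    decoded = "".join(
        ("1" if noisy[i:i + R_REP].count("1") > R_REP // 2 else "0") * R_REP
        for i in range(0, len(noisy), R_REP))
    w_rec = _xor_bits(decoded, sketch)       # equals w when decoding succeeds
    return hashlib.sha256(seed + w_rec.encode()).digest()


def _tag(K):
    return hashlib.sha256(b"kc" + K.to_bytes(16, "big")).digest()


def enroll(K, w):
    """Assumed storage split: the server gets a biometric-masked share plus the
    helper data; the auxiliary device gets the other share and a key tag."""
    (x1, y1), (x2, y2) = shamir_split(K, n=2, t=2)
    R, helper = fe_gen(w)
    masked = (y1 + int.from_bytes(R, "big")) % P   # one-time pad in GF(P)
    server = {"x": x1, "masked_share": masked, "helper": helper}
    device = {"x": x2, "share": y2, "tag": _tag(K)}
    return server, device


def recover(server, device, w_prime):
    """Return K, or None if the noisy biometric was outside the error budget."""
    R = fe_rep(w_prime, server["helper"])
    y1 = (server["masked_share"] - int.from_bytes(R, "big")) % P
    K = shamir_reconstruct([(server["x"], y1), (device["x"], device["share"])])
    return K if _tag(K) == device["tag"] else None


def flip_bits(w, positions):
    bits = list(w)
    for i in positions:
        bits[i] = "0" if bits[i] == "1" else "1"
    return "".join(bits)


if __name__ == "__main__":
    K = secrets.randbits(126)                         # backup encryption key
    w = format(secrets.randbits(160), "0160b")        # constructed template
    server, device = enroll(K, w)
    # one flipped bit per 5-bit block: within budget, recovery succeeds
    print(recover(server, device, flip_bits(w, range(0, 160, 5))) == K)
    # three flips inside one block: majority decoding fails, tag rejects
    print(recover(server, device, flip_bits(w, [0, 1, 2])) is None)
```

The repetition code is chosen for readability; a deployment would use a proper error-correcting code (e.g. BCH) matched to the biometric's error rate. Two caveats the abstract's threat model makes relevant: the server holds the helper data, so a corrupt server can run offline guesses against the template, and its security rests on the min-entropy of w rather than on a memorised password; and the confirmation tag lives on the auxiliary device, not the server, so a wrong reconstruction is detected without giving the server anything to verify guesses against.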
- Michel Abdalla, Mario Cornejo, Anca Nitulescu, and David Pointcheval. 2016. Robust Password-Protected Secret Sharing. In European Symposium on Research in Computer Security (ESORICS 2016). Springer-Verlag, Berlin, Heidelberg, 61--79.
- Michel Abdalla, Pierre-Alain Fouque, and David Pointcheval. 2005. Password-Based Authenticated Key Exchange in the Three-party Setting. In Proceedings of the 8th International Conference on Theory and Practice in Public Key Cryptography (PKC'05). Springer-Verlag, Berlin, Heidelberg, 65--84.
- Arathi Arakala, Jason Jeffers, and K. J. Horadam. 2007. Fuzzy Extractors for Minutiae-based Fingerprint Authentication. In Proceedings of the 2007 International Conference on Advances in Biometrics (ICB'07). Springer-Verlag, Berlin, Heidelberg, 760--769. http://dl.acm.org/citation.cfm?id=2391659.2391745
- Ali Bagherzandi, Stanislaw Jarecki, Nitesh Saxena, and Yanbin Lu. 2011. Password-protected Secret Sharing. In Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS '11). ACM, New York, NY, USA, 433--444.
- Mihir Bellare, David Pointcheval, and Phillip Rogaway. 2000. Authenticated Key Exchange Secure Against Dictionary Attacks. In Proceedings of the 19th International Conference on Theory and Application of Cryptographic Techniques (EUROCRYPT'00). Springer-Verlag, Berlin, Heidelberg, 139--155. http://dl.acm.org/citation.cfm?id=1756169.1756185
- Patrik Bichsel, Bud Bruegger, Alberto Crespo Garcia, Thomas Gross, André Gutwirth, Moritz Horsch, Detlef Houdeau, Charles Bastos Rodriguez, and Tarvi Martens. 2013. Survey and Analysis of Existing eID and Credential Systems. Deliverable D32.1. http://www.cspforum.eu/FutureID_D32.1_WP32_v1.0_Survey_of_existing_eID_and_credential_systems.pdf
- Victor Boyko, Philip MacKenzie, and Sarvar Patel. 2000. Provably Secure Password-authenticated Key Exchange Using Diffie-Hellman. In Proceedings of the 19th International Conference on Theory and Application of Cryptographic Techniques (EUROCRYPT'00). Springer-Verlag, Berlin, Heidelberg, 156--171. http://dl.acm.org/citation.cfm?id=1756169.1756186
- Jan Camenisch, Robert R. Enderlein, and Gregory Neven. 2015. Two-Server Password-Authenticated Secret Sharing UC-Secure Against Transient Corruptions. In IACR International Workshop on Public Key Cryptography (PKC 2015). Springer-Verlag, Berlin, Heidelberg, 283--307.
- Jan Camenisch, Anja Lehmann, Anna Lysyanskaya, and Gregory Neven. 2014. Memento: How to Reconstruct Your Secrets from a Single Password in a Hostile Environment. In Advances in Cryptology (CRYPTO 2014). Springer-Verlag, Berlin, Heidelberg, 256--275.
- Jan Camenisch, Anja Lehmann, and Gregory Neven. 2015. Optimal Distributed Password Verification. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (CCS '15). ACM, New York, NY, USA, 182--194.
- Jan Camenisch, Anna Lysyanskaya, and Gregory Neven. 2012. Practical Yet Universally Composable Two-server Password-authenticated Secret Sharing. In Proceedings of the 2012 ACM Conference on Computer and Communications Security (CCS '12). ACM, 525--536.
- Ran Canetti and Hugo Krawczyk. 2001. Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels. In International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT 2001). Springer-Verlag, Berlin, Heidelberg, 453--474.
- Yevgeniy Dodis, Jonathan Katz, Leonid Reyzin, and Adam Smith. 2006. Robust Fuzzy Extractors and Authenticated Key Agreement from Close Secrets. In Proceedings of the 26th Annual International Conference on Advances in Cryptology (CRYPTO'06). Springer-Verlag, Berlin, Heidelberg, 232--250.
- Yevgeniy Dodis, Rafail Ostrovsky, Leonid Reyzin, and Adam Smith. 2008. Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data. SIAM J. Comput. 38, 1 (March 2008), 97--139.
- Warwick Ford and Burton S. Kaliski, Jr. 2000. Server-Assisted Generation of a Strong Secret from a Password. In Proceedings of the 9th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE '00). IEEE Computer Society, Washington, DC, USA, 176--180. http://dl.acm.org/citation.cfm?id=647068.715647
- Mohsen Guizani, Daojing He, Kui Ren, Joel J. P. Rodrigues, Sammy Chan, and Yan Zhang. 2015. Security and Privacy in Emerging Networks: Part II [Guest Editorial]. IEEE Communications Magazine 53, 8 (2015), 40--41.
- Debiao He, Neeraj Kumar, Jong-Hyouk Lee, and R. Sherratt. 2014. Enhanced Three-factor Security Protocol for Consumer USB Mass Storage Devices. IEEE Transactions on Consumer Electronics 60, 1 (2014), 30--37.
- Michael Hölzl, Michael Roland, and René Mayrhofer. 2016. Real-World Identification: Towards a Privacy-Aware Mobile eID for Physical and Offline Verification. In Proceedings of the 14th International Conference on Advances in Mobile Computing and Multi Media (MoMM '16). ACM, 280--283.
- Michael Hölzl, Michael Roland, Omid Mir, and René Mayrhofer. 2018. Bridging the Gap in Privacy-Preserving Revocation: Practical and Scalable Revocation for a Privacy-Aware Mobile eID. In Proceedings of SAC 2018: Symposium on Applied Computing. ACM, Pau, France.
- Stanislaw Jarecki, Aggelos Kiayias, and Hugo Krawczyk. 2014. Round-Optimal Password-Protected Secret Sharing and T-PAKE in the Password-Only Model. In International Conference on the Theory and Application of Cryptology and Information Security (ASIACRYPT 2014). Springer-Verlag, Berlin, Heidelberg, 233--253.
- Stanislaw Jarecki, Aggelos Kiayias, Hugo Krawczyk, and Jiayu Xu. 2016. Highly-Efficient and Composable Password-Protected Secret Sharing (or: How to Protect Your Bitcoin Wallet Online). In IEEE European Symposium on Security and Privacy (EuroS&P). IEEE, 276--291.
- Andrew Teoh Beng Jin, David Ngo Chek Ling, and Alwyn Goh. 2004. Biohashing: Two Factor Authentication Featuring Fingerprint Data and Tokenised Random Number. Pattern Recognition 37, 11 (2004), 2245--2255.
- Ivan Krstić. 2016. Behind the Scenes with iOS Security. Talk at Black Hat USA 2016 (August 2016). https://www.youtube.com/watch?v=BLGFriOKz6U
- Omid Mir, Jorge Munilla, and Saru Kumari. 2017. Efficient Anonymous Authentication with Key Agreement Protocol for Wireless Medical Sensor Networks. Peer-to-Peer Networking and Applications 10, 1 (Aug. 2017), 79--91.
- Omid Mir and Morteza Nikooghadam. 2015. A Secure Biometrics Based Authentication with Key Agreement Scheme in Telemedicine Networks for E-Health Services. Wirel. Pers. Commun. 83, 4 (Aug. 2015), 2439--2461.
- MIRACL. 2015. Multiprecision Integer and Rational Arithmetic Cryptographic Library. (2015). https://github.com/CertiVox/MIRACl
- Vanga Odelu, Ashok Kumar Das, and Adrijit Goswami. 2015. A Secure Biometrics-Based Multi-Server Authentication Protocol Using Smart Cards. IEEE Transactions on Information Forensics and Security 10, 9 (2015), 1953--1966.
- Adi Shamir. 1979. How to Share a Secret. Commun. ACM 22, 11 (Nov. 1979), 612--613.
- Kris Shrishak. 2016. Enhancing the Privacy of Users in eID Schemes through Cryptography. Literature Survey, Delft University of Technology, Delft, 45.
- Qi Xie, Duncan S. Wong, Guilin Wang, Xiao Tan, Kefei Chen, and Liming Fang. 2017. Provably Secure Dynamic ID-Based Anonymous Two-Factor Authenticated Key Exchange Protocol with Extended Security Model. IEEE Transactions on Information Forensics and Security 12, 6 (2017), 1382--1392.
- Xun Yi, Feng Hao, Liqun Chen, and Joseph K. Liu. 2015. Practical Threshold Password-Authenticated Secret Sharing Protocol. In Proceedings, Part I, of the 20th European Symposium on Research in Computer Security (ESORICS 2015), Volume 9326. Springer-Verlag, Berlin, Heidelberg, 347--365.
Recovery of Encrypted Mobile Device Backups from Partially Trusted Cloud Servers