Abstract
Password hardening encryption (PHE) is an emerging primitive in recent years. It can resist offline attack brought by keyword guessing attack from server via adding a third party with crypto services joining the decryption process. This primitive enhances the password authentication protocol and adds encryption functionality. This paper presents an active attack from server in the first scheme that introduced this primitive. This attack combines the idea from a cutting-edge threat called algorithm substitution attack which is undetectable and makes the server capable of launching offline attack. This result shows that the original PHE scheme can not resist attacks from malicious server. Then this study tries to summarize the property that an algorithm substitution attack resistant scheme should have. After that this paper presents a PHE scheme that can resist such kind of attacks from malicious server with simulation results. Finally, this study concludes the result and gives some expectation for future systematic research on interactive protocols under algorithm substitution attack.
| Translated title of the contribution | Password Hardening Encryption Services Against Malicious Server |
|---|---|
| Original language | Chinese |
| Pages (from-to) | 2482-2493 |
| Number of pages | 12 |
| Journal | Ruan Jian Xue Bao/Journal of Software |
| Volume | 34 |
| Issue number | 5 |
| DOIs | |
| Publication status | Published - 2023 |
Bibliographical note
Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-careOtherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.
Keywords
- algorithm substitution attack
- malicious server
- password hardening encryption (PHE)
- undetectable