Leakage Resilient Password Systems

This book investigates tradeoff between security and usability in designing leakage resilient password systems (LRP) and introduces two practical LRP systems named Cover Pad and ShadowKey. It demonstrates that existing LRP systems are subject to both brute force attacks and statistical attacks and t...

Full description

Saved in:
Bibliographic Details
Main Authors: Yingjiu LI, YAN, Qiang, DENG, Robert H.
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2015
Subjects:
Online Access:https://ink.library.smu.edu.sg/sis_research/2980
https://search.library.smu.edu.sg/permalink/f/13b074u/SMU_ALMA5163658820002601
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
id sg-smu-ink.sis_research-3980
record_format dspace
spelling sg-smu-ink.sis_research-39802020-03-27T02:28:10Z Leakage Resilient Password Systems Yingjiu LI, YAN, Qiang DENG, Robert H. This book investigates tradeoff between security and usability in designing leakage resilient password systems (LRP) and introduces two practical LRP systems named Cover Pad and ShadowKey. It demonstrates that existing LRP systems are subject to both brute force attacks and statistical attacks and that these attacks cannot be effectively mitigated without sacrificing the usability of LRP systems. Quantitative analysis proves that a secure LRP system in practical settings imposes a considerable amount of cognitive workload unless certain secure channels are involved. The book introduces a secure and practical LRP system, named Cover Pad, for password entry on touch-screen mobile devices. Cover Pad leverages a temporary secure channel between a user and a touch screen which can be easily realized by placing a hand shielding gesture on the touch screen. The temporary secure channel is used to deliver a hidden message to the user for transforming each password symbol before entering it on the touch screen. A user study shows the impact of these testing conditions on the users' performance in practice. Finally, this book introduces a new LRP system named ShadowKey. Shadow Key is designed to achieve better usability for leakage resilient password entry. It leverages either a permanent secure channel, which naturally exists between a user and the display unit of certain mobile devices, or a temporary secure channel, which can be easily realized between a user and a touch screen with a hand-shielding gesture. The secure channel protects the mappings between original password symbols and associated random symbols. Unlike previous LRP system users, Shadow Key users do not need to remember anything except their passwords. Leakage Resilient Password Systems is designed for professionals working in the security industry. 2015-04-01T07:00:00Z text https://ink.library.smu.edu.sg/sis_research/2980 info:doi/10.1007/978-3-319-17503-4 https://search.library.smu.edu.sg/permalink/f/13b074u/SMU_ALMA5163658820002601 Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Computers Access control Passwords Computer security Data protection Computer Sciences Information Security
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic Computers Access control
Passwords
Computer security
Data protection
Computer Sciences
Information Security
spellingShingle Computers Access control
Passwords
Computer security
Data protection
Computer Sciences
Information Security
Yingjiu LI,
YAN, Qiang
DENG, Robert H.
Leakage Resilient Password Systems
description This book investigates tradeoff between security and usability in designing leakage resilient password systems (LRP) and introduces two practical LRP systems named Cover Pad and ShadowKey. It demonstrates that existing LRP systems are subject to both brute force attacks and statistical attacks and that these attacks cannot be effectively mitigated without sacrificing the usability of LRP systems. Quantitative analysis proves that a secure LRP system in practical settings imposes a considerable amount of cognitive workload unless certain secure channels are involved. The book introduces a secure and practical LRP system, named Cover Pad, for password entry on touch-screen mobile devices. Cover Pad leverages a temporary secure channel between a user and a touch screen which can be easily realized by placing a hand shielding gesture on the touch screen. The temporary secure channel is used to deliver a hidden message to the user for transforming each password symbol before entering it on the touch screen. A user study shows the impact of these testing conditions on the users' performance in practice. Finally, this book introduces a new LRP system named ShadowKey. Shadow Key is designed to achieve better usability for leakage resilient password entry. It leverages either a permanent secure channel, which naturally exists between a user and the display unit of certain mobile devices, or a temporary secure channel, which can be easily realized between a user and a touch screen with a hand-shielding gesture. The secure channel protects the mappings between original password symbols and associated random symbols. Unlike previous LRP system users, Shadow Key users do not need to remember anything except their passwords. Leakage Resilient Password Systems is designed for professionals working in the security industry.
format text
author Yingjiu LI,
YAN, Qiang
DENG, Robert H.
author_facet Yingjiu LI,
YAN, Qiang
DENG, Robert H.
author_sort Yingjiu LI,
title Leakage Resilient Password Systems
title_short Leakage Resilient Password Systems
title_full Leakage Resilient Password Systems
title_fullStr Leakage Resilient Password Systems
title_full_unstemmed Leakage Resilient Password Systems
title_sort leakage resilient password systems
publisher Institutional Knowledge at Singapore Management University
publishDate 2015
url https://ink.library.smu.edu.sg/sis_research/2980
https://search.library.smu.edu.sg/permalink/f/13b074u/SMU_ALMA5163658820002601
_version_ 1770572765333553152