Article

Networked Cryptographic Devices Resilient to Capture

Authors:

Philip MacKenzie,

Michael K. ReiterAuthors Info & Claims

SP '01: Proceedings of the 2001 IEEE Symposium on Security and Privacy

Page 12

Published: 14 May 2001 Publication History

Publisher Site

Abstract

Abstract: We present a simple technique by which a device that performs private key operations (signatures or decryptions) in networked applications, and whose local private key is activated with a password or PIN, can be immunized to off-line dictionary attacks in case the device is captured. Our techniques do not assume tamper resistance of the device, but rather exploit the networked nature of the device, in that the device's private key operations are performed using a simple interaction with a remote server. This server, however, is untrusted--its compromise does not reduce the security of the device's private key unless the device is also captured--and need not have a prior relationship with the device. We further extend this approach with support for key disabling, by which the rightful owner of a stolen device can disable the device's private key even if the attacker already knows the user's password.

Cited By

View all

Kurnikov APaverd AMannan MAsokan N(2018)Keys in the CloudsProceedings of the 13th International Conference on Availability, Reliability and Security10.1145/3230833.3234518(1-10)Online publication date: 27-Aug-2018
https://dl.acm.org/doi/10.1145/3230833.3234518
Xia YLiu YTan CMa MGuan HZang BChen HRéveillère LHarris THerlihy M(2015)TinManProceedings of the Tenth European Conference on Computer Systems10.1145/2741948.2741977(1-16)Online publication date: 17-Apr-2015
https://dl.acm.org/doi/10.1145/2741948.2741977
Köhler JMittag JHartenstein HConti MVaidya JSchaad A(2013)User-centric management of distributed credential repositoriesProceedings of the 18th ACM symposium on Access control models and technologies10.1145/2462410.2462412(237-248)Online publication date: 12-Jun-2013
https://dl.acm.org/doi/10.1145/2462410.2462412
Show More Cited By

Recommendations

Networked cryptographic devices resilient to capture

We present a simple technique by which a device that performs private key operations (signatures or decryptions) in networked applications and whose local private key is activated with a password or PIN can be immunized to offline dictionary attacks in ...
Networked Cryptographic Devices Resilient to Capture
Delegation of cryptographic servers for capture-resilient devices
CCS '01: Proceedings of the 8th ACM conference on Computer and Communications Security

A device that performs private key operations (signatures or decryptions), and whose private key operations are protected by a password, can be immunized against offline dictionary attacks in case of capture by forcing the device to confirm a password ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

SP '01: Proceedings of the 2001 IEEE Symposium on Security and Privacy

May 2001

Publisher

IEEE Computer Society

United States

Publication History

Published: 14 May 2001

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

30
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 03 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Kurnikov APaverd AMannan MAsokan N(2018)Keys in the CloudsProceedings of the 13th International Conference on Availability, Reliability and Security10.1145/3230833.3234518(1-10)Online publication date: 27-Aug-2018
https://dl.acm.org/doi/10.1145/3230833.3234518
Xia YLiu YTan CMa MGuan HZang BChen HRéveillère LHarris THerlihy M(2015)TinManProceedings of the Tenth European Conference on Computer Systems10.1145/2741948.2741977(1-16)Online publication date: 17-Apr-2015
https://dl.acm.org/doi/10.1145/2741948.2741977
Köhler JMittag JHartenstein HConti MVaidya JSchaad A(2013)User-centric management of distributed credential repositoriesProceedings of the 18th ACM symposium on Access control models and technologies10.1145/2462410.2462412(237-248)Online publication date: 12-Jun-2013
https://dl.acm.org/doi/10.1145/2462410.2462412
Tang YAmes PBhamidipati SBijlani AGeambasu RSarda NVahdat AThekkath C(2012)CleanOSProceedings of the 10th USENIX conference on Operating Systems Design and Implementation10.5555/2387880.2387888(77-91)Online publication date: 8-Oct-2012
https://dl.acm.org/doi/10.5555/2387880.2387888
Sau SPaul RBiswas TChakrabarti AGopalan KThampi S(2012)A novel AES-256 implementation on FPGA using co-processor based architectureProceedings of the International Conference on Advances in Computing, Communications and Informatics10.1145/2345396.2345499(632-638)Online publication date: 3-Aug-2012
https://dl.acm.org/doi/10.1145/2345396.2345499
Mashima DAhamad MLuo GLiu JYang C(2012)Enhancing accountability of electronic health record usage via patient-centric monitoringProceedings of the 2nd ACM SIGHIT International Health Informatics Symposium10.1145/2110363.2110410(409-418)Online publication date: 28-Jan-2012
https://dl.acm.org/doi/10.1145/2110363.2110410
Chen YLu JJan J(2012)A Secure EHR System Based on Hybrid CloudsJournal of Medical Systems10.1007/s10916-012-9830-636:5(3375-3384)Online publication date: 1-Oct-2012
https://dl.acm.org/doi/10.1007/s10916-012-9830-6
Kwon T(2011)Privacy preservation with X.509 standard certificatesInformation Sciences: an International Journal10.1016/j.ins.2011.02.016181:13(2906-2921)Online publication date: 1-Jul-2011
https://dl.acm.org/doi/10.1016/j.ins.2011.02.016
Studer APerrig AWetzel SNita-Rotaru CStajano F(2010)Mobile user location-specific encryption (MULE)Proceedings of the third ACM conference on Wireless network security10.1145/1741866.1741892(151-162)Online publication date: 22-Mar-2010
https://dl.acm.org/doi/10.1145/1741866.1741892
Mashima DAhamad MKannan S(2009)User-centric handling of identity agent compromiseProceedings of the 14th European conference on Research in computer security10.5555/1813084.1813087(19-36)Online publication date: 21-Sep-2009
https://dl.acm.org/doi/10.5555/1813084.1813087
Show More Cited By

Abstract

Cited By

Recommendations