Secure password pocket for distributed web services

Jae Hyung Koo, Dong Hoon Lee

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

Password authentication (PA) is a general and well-known technique for authenticating a user who is trying to establish a connection in distributed web services. The main idea of PA is to remove complex information from users so that they can log on to servers from anywhere with only a human-memorable password. So far, many papers have been proposed to set up security requirements and improve the efficiency of PA. Most papers consider practical attacks such as password guessing, impersonation and server compromise, which occur frequently in the real world. However, they missed an important and critical risk: a user's password revealed from one server may affect other servers, because most people tend to use the same password on different servers. This enables anyone who obtains a password to easily log on to other servers. In this paper, we first introduce a new notion, called "password pocket", which randomizes a user's password even if he/she types the same password on different servers. When our password pocket is used, an exposed password no longer affects other servers. The cost of a password pocket is extremely low since it needs to store only one random number securely.

Original language: English
Title of host publication: Network and Parallel Computing - IFIP International Conference, NPC 2005, Proceedings
Pages: 327-334
Number of pages: 8
Publication status: Published - 2005
Event: IFIP International Conference on Network and Parallel Computing, NPC 2005 - Beijing, China
Duration: 2005 Nov 30 to 2005 Dec 3

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 3779 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: IFIP International Conference on Network and Parallel Computing, NPC 2005
Country/Territory: China
City: Beijing
Period: 05/11/30 to 05/12/3

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science (all)
