Secure password pocket for distributed web services

Jae Hyung Koo, Dong Hoon Lee

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

Password authentication (PA) is a general and well-known technique to authenticate a user who is trying to establish a connection in distributed web services. The main idea of PA is to remove complex information from users so that they can log on to servers from anywhere with only a human-memorable password. So far, many papers have been proposed to set up security requirements and improve the efficiency of PA. Most papers consider practical attacks such as password guessing, impersonation and server compromise, which occur frequently in the real world. However, they missed an important and critical risk. A user's password revealed from one server may affect other servers because most people tend to use the same password on different servers. This enables anyone who obtains a password to easily log on to other servers. In this paper, we first introduce a new notion, called "password pocket", which randomizes a user's password even if he/she types the same password on different servers. When our password pocket is used, an exposed password does not affect other servers any more. The cost of a password pocket is extremely low since it needs to store only one random number securely.

Original language: English
Title of host publication: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Pages: 327-334
Number of pages: 8
Volume: 3779 LNCS
DOI: https://doi.org/10.1007/11577188_47
Publication status: Published - 2005 Dec 1
Event: IFIP International Conference on Network and Parallel Computing, NPC 2005 - Beijing, China
Duration: 2005 Nov 30 to 2005 Dec 3

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 3779 LNCS
ISSN (Print): 03029743
ISSN (Electronic): 16113349

Other

Other: IFIP International Conference on Network and Parallel Computing, NPC 2005
Country: China
City: Beijing
Period: 05/11/30 to 05/12/3

ASJC Scopus subject areas

  • Computer Science(all)
  • Biochemistry, Genetics and Molecular Biology(all)
  • Theoretical Computer Science

Cite this

Koo, J. H., & Lee, D. H. (2005). Secure password pocket for distributed web services. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 3779 LNCS, pp. 327-334). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 3779 LNCS). https://doi.org/10.1007/11577188_47

@inproceedings{138fea5f7d804203b7e2d9d171c09e1d,
title = "Secure password pocket for distributed web services",
author = "Koo, {Jae Hyung} and Lee, {Dong Hoon}",
year = "2005",
month = "12",
day = "1",
doi = "10.1007/11577188_47",
language = "English",
isbn = "354029810X",
volume = "3779 LNCS",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
pages = "327--334",
booktitle = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

}

TY - GEN

T1 - Secure password pocket for distributed web services

AU - Koo, Jae Hyung

AU - Lee, Dong Hoon

PY - 2005/12/1

Y1 - 2005/12/1

UR - http://www.scopus.com/inward/record.url?scp=33745352074&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33745352074&partnerID=8YFLogxK

U2 - 10.1007/11577188_47

DO - 10.1007/11577188_47

M3 - Conference contribution

AN - SCOPUS:33745352074

SN - 354029810X

SN - 9783540298106

VL - 3779 LNCS

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 327

EP - 334

BT - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

ER -