http://dx.doi.org/10.7840/kics.2014.39B.6.333

A Scheme for Secure Storage and Retrieval of (ID, Password) Pairs Using Smart Cards as Secure and Portable Storages  

Park, Jun-Cheol (Department of Computer Engineering, Hongik University)
Abstract
Despite the security weakness of reusing passwords, many Internet users are likely to use a single ID and password on various sites to avoid the inconvenience of remembering multiple credentials. This paper proposes a scheme for securely storing, retrieving, and updating randomly chosen (ID, password) pairs by using smart cards as secure and portable storage. The scheme frees a user from remembering her (ID, password) pairs for Internet access. By splitting and scattering the (ID, password) pairs of a user across the user's smart card memory and a remote server's storage, it can protect the logon credentials even if the smart card is stolen or lost. Also, a user can, if deemed necessary, instruct the server to delete all information belonging to the user. Hence even an attacker who cracked the smart card memory would not be able to obtain any (ID, password) pair of the victim thereafter. The scheme requires a user to input site information and a pass-phrase to her smart card to obtain the logon credentials, but this should be an acceptable overhead considering the benefit of not having to remember the freely chosen (ID, password) pairs at all.
Keywords
authentication; password; smart card; secret sharing; security
Citations & Related Records
Times Cited By KSCI: 3