PALPAS - PAssword Less PAssword synchronization

M. Horsch, A.T. Hülsing, J. Buchmann

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

7 Citations (Scopus)

Abstract

Tools that synchronize passwords over several user devices typically store the encrypted passwords in a central online database. For encryption, a low-entropy, password-based key is used. Such a database may be subject to unauthorized access which can lead to the disclosure of all passwords by an offline brute-force attack. In this paper, we present PALPAS, a secure and user-friendly tool that synchronizes passwords between user devices without storing information about them centrally. The idea of PALPAS is to generate a password from a high entropy secret shared by all devices and a random salt value for each service. Only the salt values are stored on a server but not the secret. The salt enables the user devices to generate the same password but is statistically independent of the password. In order for PALPAS to generate passwords according to different password policies, we also present a mechanism that automatically retrieves and processes the password requirements of services. PALPAS users need to only memorize a single password and the setup of PALPAS on a further device demands only a one-time transfer of few static data.

Original languageEnglish
Title of host publicationProceedings - 10th International Conference on Availability, Reliability and Security, ARES 2015
Place of PublicationPiscataway
PublisherInstitute of Electrical and Electronics Engineers
Pages30-39
Number of pages10
ISBN (Electronic)978-1-4673-6590-1
DOIs
Publication statusPublished - 16 Oct 2015
Event10th International Conference on Availability, Reliability and Security, ARES 2015 - Toulouse, France
Duration: 24 Aug 201527 Aug 2015
http://www.ares-conference.eu/ares2015/www.ares-conference.eu/conference/conference-2/index.html

Conference

Conference10th International Conference on Availability, Reliability and Security, ARES 2015
Abbreviated titleARES2015
Country/TerritoryFrance
CityToulouse
Period24/08/1527/08/15
Internet address

Keywords

  • Password Synchronization
  • Password-based Authentication
  • Secure Password Generation

Fingerprint

Dive into the research topics of 'PALPAS - PAssword Less PAssword synchronization'. Together they form a unique fingerprint.

Cite this