PALPAS - PAssword Less PAssword synchronization

M. Horsch, A.T. Hülsing, J. Buchmann

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

1 Citation (Scopus)

Abstract

Tools that synchronize passwords over several user devices typically store the encrypted passwords in a central online database. For encryption, a low-entropy, password-based key is used. Such a database may be subject to unauthorized access which can lead to the disclosure of all passwords by an offline brute-force attack. In this paper, we present PALPAS, a secure and user-friendly tool that synchronizes passwords between user devices without storing information about them centrally. The idea of PALPAS is to generate a password from a high entropy secret shared by all devices and a random salt value for each service. Only the salt values are stored on a server but not the secret. The salt enables the user devices to generate the same password but is statistically independent of the password. In order for PALPAS to generate passwords according to different password policies, we also present a mechanism that automatically retrieves and processes the password requirements of services. PALPAS users need to only memorize a single password and the setup of PALPAS on a further device demands only a one-time transfer of few static data.

Original languageEnglish
Title of host publicationProceedings - 10th International Conference on Availability, Reliability and Security, ARES 2015
Place of PublicationPiscataway
PublisherInstitute of Electrical and Electronics Engineers
Pages30-39
Number of pages10
ISBN (Electronic)978-1-4673-6590-1
DOIs
Publication statusPublished - 16 Oct 2015
Event10th International Conference on Availability, Reliability and Security, ARES 2015 - Toulouse, France
Duration: 24 Aug 201527 Aug 2015

Conference

Conference10th International Conference on Availability, Reliability and Security, ARES 2015
CountryFrance
CityToulouse
Period24/08/1527/08/15

Fingerprint

Synchronization
Salts
Entropy
Cryptography
Servers

Keywords

  • Password Synchronization
  • Password-based Authentication
  • Secure Password Generation

Cite this

Horsch, M., Hülsing, A. T., & Buchmann, J. (2015). PALPAS - PAssword Less PAssword synchronization. In Proceedings - 10th International Conference on Availability, Reliability and Security, ARES 2015 (pp. 30-39). [7299896] Piscataway: Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/ARES.2015.23
Horsch, M. ; Hülsing, A.T. ; Buchmann, J. / PALPAS - PAssword Less PAssword synchronization. Proceedings - 10th International Conference on Availability, Reliability and Security, ARES 2015. Piscataway : Institute of Electrical and Electronics Engineers, 2015. pp. 30-39
@inproceedings{0919b1d1eae644fc801b748f865722bf,
title = "PALPAS - PAssword Less PAssword synchronization",
abstract = "Tools that synchronize passwords over several user devices typically store the encrypted passwords in a central online database. For encryption, a low-entropy, password-based key is used. Such a database may be subject to unauthorized access which can lead to the disclosure of all passwords by an offline brute-force attack. In this paper, we present PALPAS, a secure and user-friendly tool that synchronizes passwords between user devices without storing information about them centrally. The idea of PALPAS is to generate a password from a high entropy secret shared by all devices and a random salt value for each service. Only the salt values are stored on a server but not the secret. The salt enables the user devices to generate the same password but is statistically independent of the password. In order for PALPAS to generate passwords according to different password policies, we also present a mechanism that automatically retrieves and processes the password requirements of services. PALPAS users need to only memorize a single password and the setup of PALPAS on a further device demands only a one-time transfer of few static data.",
keywords = "Password Synchronization, Password-based Authentication, Secure Password Generation",
author = "M. Horsch and A.T. H{\"u}lsing and J. Buchmann",
year = "2015",
month = "10",
day = "16",
doi = "10.1109/ARES.2015.23",
language = "English",
pages = "30--39",
booktitle = "Proceedings - 10th International Conference on Availability, Reliability and Security, ARES 2015",
publisher = "Institute of Electrical and Electronics Engineers",
address = "United States",

}

Horsch, M, Hülsing, AT & Buchmann, J 2015, PALPAS - PAssword Less PAssword synchronization. in Proceedings - 10th International Conference on Availability, Reliability and Security, ARES 2015., 7299896, Institute of Electrical and Electronics Engineers, Piscataway, pp. 30-39, 10th International Conference on Availability, Reliability and Security, ARES 2015, Toulouse, France, 24/08/15. https://doi.org/10.1109/ARES.2015.23

PALPAS - PAssword Less PAssword synchronization. / Horsch, M.; Hülsing, A.T.; Buchmann, J.

Proceedings - 10th International Conference on Availability, Reliability and Security, ARES 2015. Piscataway : Institute of Electrical and Electronics Engineers, 2015. p. 30-39 7299896.

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

TY - GEN

T1 - PALPAS - PAssword Less PAssword synchronization

AU - Horsch, M.

AU - Hülsing, A.T.

AU - Buchmann, J.

PY - 2015/10/16

Y1 - 2015/10/16

N2 - Tools that synchronize passwords over several user devices typically store the encrypted passwords in a central online database. For encryption, a low-entropy, password-based key is used. Such a database may be subject to unauthorized access which can lead to the disclosure of all passwords by an offline brute-force attack. In this paper, we present PALPAS, a secure and user-friendly tool that synchronizes passwords between user devices without storing information about them centrally. The idea of PALPAS is to generate a password from a high entropy secret shared by all devices and a random salt value for each service. Only the salt values are stored on a server but not the secret. The salt enables the user devices to generate the same password but is statistically independent of the password. In order for PALPAS to generate passwords according to different password policies, we also present a mechanism that automatically retrieves and processes the password requirements of services. PALPAS users need to only memorize a single password and the setup of PALPAS on a further device demands only a one-time transfer of few static data.

AB - Tools that synchronize passwords over several user devices typically store the encrypted passwords in a central online database. For encryption, a low-entropy, password-based key is used. Such a database may be subject to unauthorized access which can lead to the disclosure of all passwords by an offline brute-force attack. In this paper, we present PALPAS, a secure and user-friendly tool that synchronizes passwords between user devices without storing information about them centrally. The idea of PALPAS is to generate a password from a high entropy secret shared by all devices and a random salt value for each service. Only the salt values are stored on a server but not the secret. The salt enables the user devices to generate the same password but is statistically independent of the password. In order for PALPAS to generate passwords according to different password policies, we also present a mechanism that automatically retrieves and processes the password requirements of services. PALPAS users need to only memorize a single password and the setup of PALPAS on a further device demands only a one-time transfer of few static data.

KW - Password Synchronization

KW - Password-based Authentication

KW - Secure Password Generation

UR - http://www.scopus.com/inward/record.url?scp=84961656588&partnerID=8YFLogxK

U2 - 10.1109/ARES.2015.23

DO - 10.1109/ARES.2015.23

M3 - Conference contribution

AN - SCOPUS:84961656588

SP - 30

EP - 39

BT - Proceedings - 10th International Conference on Availability, Reliability and Security, ARES 2015

PB - Institute of Electrical and Electronics Engineers

CY - Piscataway

ER -

Horsch M, Hülsing AT, Buchmann J. PALPAS - PAssword Less PAssword synchronization. In Proceedings - 10th International Conference on Availability, Reliability and Security, ARES 2015. Piscataway: Institute of Electrical and Electronics Engineers. 2015. p. 30-39. 7299896 https://doi.org/10.1109/ARES.2015.23