Secure Secret Recovery by using Weighted Personal Entropy
Authentication plays a vital role in many secure
systems. Most of these systems require user to log in with his or her
secret password or pass phrase before entering it. This is to ensure all
the valuables information is kept confidential guaranteeing also its
integrity and availability. However, to achieve this goal, users are
required to memorize high entropy passwords or pass phrases.
Unfortunately, this sometimes causes difficulty for user to remember
meaningless strings of data. This paper presents a new scheme which
assigns a weight to each personal question given to the user in
revealing the encrypted secrets or password. Concentration of this
scheme is to offer fault tolerance to users by allowing them to forget
the specific password to a subset of questions and still recover the
secret and achieve successful authentication. Comparison on level of
security for weight-based and weightless secret recovery scheme is
also discussed. The paper concludes with the few areas that requires
more investigation in this research.
[1] Adi Shamir, "How to Share a Secret" Communications of the ACM,
vol. 22, no. 11, 1979.
[2] Amos Beimel, Tamir Tassa and Enav Wienreb, "Characterizing Ideal
Weighted Threshold Secret Sharing", The proceedings of the Second
Theory of Cryptography Conference (TCC), 2005, pp. 600-619.
[3] Ari Juels and Martin Wattenberg, "A Fuzzy Commitment Scheme", 5th
ACM Conference on Computer and Communication Security, 1999,
pp. 28- 36.
[4] C. Ellison, C. Hall, R.Milbert and B.Schneier, "Protecting Secret Keys
with Personal Entropy", Future Generation Computer Systems, vol. 16,
pp. 311-318, 2000.
[5] Charles Miller, "Password Recovery", GNU, Free Software
Foundation, 2002.
[6] Daniel Bleichenbacher and Phong Q. Nguyen, "Noisy Polynomial
Interpolation and Noisy Chinese Remaindering", Proceedings of
Eurocrypt 2000: LNCS 1807, 2000, pp. 53-69
[7] Ernest F. Brickell, "Some Ideal Secret Sharing Schemes", Journal of
Combinatorial Mathematics and Combinatorial Computing, vol. 6,
pp. 105-113, 1989
[8] Gustavus J. Simmons, "How To (really) Share A Secret", CRYPTO
88, volume 403 of LNCS, 1990, pp. 390-448.
[9] G. R. Blakley, "Safeguarding Cryptographic Keys", AFIPS 1979
National Computer Conference Proceedings, 1979, pp. 313-317.
[10] Hal Abelson and Ross Anderson, The Risks of Key Recovery, Key
Escrow, Trusted Third Party and Encryption, Report by an Ad Hoc
Group of Cryptographers and Computer Scientists, 1998.
[11] Julie E. Kendall and Kenneth E. Kendall, System Analysis and Design,
Sixth edition, US: Pearson Prentice Hall, 2005.
[12] K. McCurley, "A Key Distribution System Equivalent to Factoring",
Journal of Cryptology, vol. 1, pp. 85- 105, 1988.
[13] Kooshiar Azimian and Javad Mohajeri, A Verifiable Partial Key
Escrow, Based on McCurley Encryption Scheme, Electronic
Colloquium on Computational Complexity, ECCC Report TR05-078,
2005.
[14] Lawrence O-Gorman, Amit Bagga and Jon Bentley, "Call Center
Customer Verification by Query-Directed Passwords", Financial
Cryptography: 8th International Conference (FC), 2004, pp. 54-67.
[15] Manezes A.J, Van oorschot P.C and Vanstone S.A, Handbook of
Applied Cryptography, Boca Raton, CRC Press, 1998.
[16] M. Ito, A. Saito and T. Nishizeki, "Secret Sharing Schemes Realizing
General Access Structure", Proceedings of IEEE Globecom, 1987, pp.
99-102.
[17] Niklas Frykholm and Ari Juels, "Error-Tolerant Password Recovery",
Proceedings ACM Conference of Computer and Communications
Security, 2001, pp. 1-8.
[18] Z. Shmuley, Diffie-Hellman Public-Key Generating Systems Are Hard
To Break. Technical Report No.356, Computer Science Department,
Technion, Israel, 1985.
[19] E. D. Karnin, J. W. Greene and M. E. Hellman, "On Secret Sharing
Systems", IEEE Trans. on Information Theory, vol. 29(1), pp. 35-41.
[20] Taylor-Powell, E. "Questionnaire Design Asking Questions with A
Purpose", University of Wisconsin Extension, 1998.
[1] Adi Shamir, "How to Share a Secret" Communications of the ACM,
vol. 22, no. 11, 1979.
[2] Amos Beimel, Tamir Tassa and Enav Wienreb, "Characterizing Ideal
Weighted Threshold Secret Sharing", The proceedings of the Second
Theory of Cryptography Conference (TCC), 2005, pp. 600-619.
[3] Ari Juels and Martin Wattenberg, "A Fuzzy Commitment Scheme", 5th
ACM Conference on Computer and Communication Security, 1999,
pp. 28- 36.
[4] C. Ellison, C. Hall, R.Milbert and B.Schneier, "Protecting Secret Keys
with Personal Entropy", Future Generation Computer Systems, vol. 16,
pp. 311-318, 2000.
[5] Charles Miller, "Password Recovery", GNU, Free Software
Foundation, 2002.
[6] Daniel Bleichenbacher and Phong Q. Nguyen, "Noisy Polynomial
Interpolation and Noisy Chinese Remaindering", Proceedings of
Eurocrypt 2000: LNCS 1807, 2000, pp. 53-69
[7] Ernest F. Brickell, "Some Ideal Secret Sharing Schemes", Journal of
Combinatorial Mathematics and Combinatorial Computing, vol. 6,
pp. 105-113, 1989
[8] Gustavus J. Simmons, "How To (really) Share A Secret", CRYPTO
88, volume 403 of LNCS, 1990, pp. 390-448.
[9] G. R. Blakley, "Safeguarding Cryptographic Keys", AFIPS 1979
National Computer Conference Proceedings, 1979, pp. 313-317.
[10] Hal Abelson and Ross Anderson, The Risks of Key Recovery, Key
Escrow, Trusted Third Party and Encryption, Report by an Ad Hoc
Group of Cryptographers and Computer Scientists, 1998.
[11] Julie E. Kendall and Kenneth E. Kendall, System Analysis and Design,
Sixth edition, US: Pearson Prentice Hall, 2005.
[12] K. McCurley, "A Key Distribution System Equivalent to Factoring",
Journal of Cryptology, vol. 1, pp. 85- 105, 1988.
[13] Kooshiar Azimian and Javad Mohajeri, A Verifiable Partial Key
Escrow, Based on McCurley Encryption Scheme, Electronic
Colloquium on Computational Complexity, ECCC Report TR05-078,
2005.
[14] Lawrence O-Gorman, Amit Bagga and Jon Bentley, "Call Center
Customer Verification by Query-Directed Passwords", Financial
Cryptography: 8th International Conference (FC), 2004, pp. 54-67.
[15] Manezes A.J, Van oorschot P.C and Vanstone S.A, Handbook of
Applied Cryptography, Boca Raton, CRC Press, 1998.
[16] M. Ito, A. Saito and T. Nishizeki, "Secret Sharing Schemes Realizing
General Access Structure", Proceedings of IEEE Globecom, 1987, pp.
99-102.
[17] Niklas Frykholm and Ari Juels, "Error-Tolerant Password Recovery",
Proceedings ACM Conference of Computer and Communications
Security, 2001, pp. 1-8.
[18] Z. Shmuley, Diffie-Hellman Public-Key Generating Systems Are Hard
To Break. Technical Report No.356, Computer Science Department,
Technion, Israel, 1985.
[19] E. D. Karnin, J. W. Greene and M. E. Hellman, "On Secret Sharing
Systems", IEEE Trans. on Information Theory, vol. 29(1), pp. 35-41.
[20] Taylor-Powell, E. "Questionnaire Design Asking Questions with A
Purpose", University of Wisconsin Extension, 1998.
@article{"International Journal of Information, Control and Computer Sciences:60075", author = "Leau Y. B. and Dinna Nina M. N. and Habeeb S. A. H. and Jetol B.", title = "Secure Secret Recovery by using Weighted Personal Entropy", abstract = "Authentication plays a vital role in many secure
systems. Most of these systems require user to log in with his or her
secret password or pass phrase before entering it. This is to ensure all
the valuables information is kept confidential guaranteeing also its
integrity and availability. However, to achieve this goal, users are
required to memorize high entropy passwords or pass phrases.
Unfortunately, this sometimes causes difficulty for user to remember
meaningless strings of data. This paper presents a new scheme which
assigns a weight to each personal question given to the user in
revealing the encrypted secrets or password. Concentration of this
scheme is to offer fault tolerance to users by allowing them to forget
the specific password to a subset of questions and still recover the
secret and achieve successful authentication. Comparison on level of
security for weight-based and weightless secret recovery scheme is
also discussed. The paper concludes with the few areas that requires
more investigation in this research.", keywords = "Secret Recovery, Personal Entropy, Cryptography,
Secret Sharing and Key Management.", volume = "1", number = "11", pages = "3583-6", }
