TL;DR
AuthStore is a flexible framework enabling secure password reuse for authentication and encrypted cloud storage, integrating password stretching and a new compact PAKE protocol, with a supporting password manager.
Contribution
It introduces AuthStore, a unified system for secure password-based authentication and encrypted storage, featuring a novel compact PAKE protocol and password management support.
Findings
Designed a compact PAKE protocol integrating password stretching
Identified and analyzed a parameter attack affecting existing solutions
Developed a password manager supporting CompactPAKE
Abstract
Passwords are widely used for client-to-server authentication as well as for encrypting data stored in untrusted environments, such as cloud storage. Both authentication and encrypted cloud storage are usually discussed in isolation. In this work, we propose AuthStore, a flexible authentication framework that allows users to securely reuse passwords for authentication as well as for encrypted cloud storage at a single or multiple service providers. Users can configure how secure passwords are protected using password stretching techniques. We present a compact password-authenticated key exchange protocol (CompactPAKE) that integrates the retrieval of password stretching parameters. A parameter attack is described and we show how existing solutions suffer from this attack. Furthermore, we introduce a password manager that supports CompactPAKE.
