Password Systems: Problems and Solutions

• Published in: International journal of advanced computer science & applications Vol. 13; no. 6
• Main Author: Lopriore, Lanfranco
• Format: Journal Article
• Language: English
• Published: West Yorkshire Science and Information (SAI) Organization Limited 01.01.2022
• Subjects: Algorithms; Authorizations; Computer science; Passwords; Security; Structural hierarchy
• ISSN: 2158-107X; 2156-5570
• DOI: 10.14569/IJACSA.2022.01306113

In a security environment featuring subjects and objects, we consider an alternative to the classical password paradigm. In this alternative, a key includes a password, an object identifier, and an authorization. A master password is associated with each object. A key is valid if the password in that key descends from the master password by using a validity relation expressed in terms of a symmetric-key algorithm. We analyse a number of security problems. For each problem, a solution is presented and discussed. In certain cases, extensions to the original key paradigm are introduced. The problems considered include the revocation of access authorizations; bounded keys expressing limitations on the number of iterated utilizations of the same key to access the corresponding object; repositories, which are objects aimed at storing keys, possibly organized into hierarchical structures; and the merging of two keys into a single key featuring a composite authorization that includes the access rights in the two keys.