Per-session security: Password-based cryptography revisited

Bibliographic Details
Published in: Journal of computer security Vol. 27; no. 1; pp. 75 - 111
Main Authors: Demay, Grégory; Gaži, Peter; Maurer, Ueli; Tackmann, Björn
Format: Journal Article
Language: English
Published: Amsterdam, IOS Press BV, 01.01.2019
Summary: Cryptographic security is usually defined as a guarantee that holds except when a bad event with negligible probability occurs, and nothing is guaranteed in that bad case. However, in settings where such failure can happen with substantial probability, one needs to provide guarantees even for the bad case. A typical example is where a (possibly weak) password is used instead of a secure cryptographic key to protect a session, the bad event being that the adversary correctly guesses the password. In a situation with multiple such sessions, a per-session guarantee is desired: any session for which the password has not been guessed remains secure, independently of whether other sessions have been compromised. A new formalism for stating such gracefully degrading security guarantees is introduced and applied to analyze the examples of password-based message authentication and password-based encryption. While a natural per-message guarantee is achieved for authentication, the situation of password-based encryption is more delicate: a per-session confidentiality guarantee only holds against attackers for which the distribution of password-guessing effort over the sessions is known in advance. In contrast, for more general attackers without such a restriction, a strong, composable notion of security cannot be achieved.
ISSN: 0926-227X, 1875-8924
DOI: 10.3233/JCS-181131