Skip to main content
U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock ( ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

TMPS: Ticket-Mediated Password Strengthening

Published

Author(s)

John M. Kelsey, Dana Dachman-Soled, Meltem Sonmez Turan, Sweta Mishra

Abstract

We introduce the notion of Ticket-Mediated Password Strengthening (TMPS), a technique for allowing users to derive keys from passwords while imposing a strict limit on the number of guesses of their password any attacker can make, and strongly protecting the users' privacy. We describe the security requirements of TMPS, and then a set of efficient and practical protocols to implement a TMPS scheme, requiring only hash functions, CCA2-secure encryption, and blind signatures. We provide several variant protocols, including an offline symmetric only protocol that uses a local trusted computing environment, and online variants that avoid the need for blind signatures in favor of group signatures or stronger trust assumptions. We formalize the security of our scheme by defining an ideal functionality in the Universal Composability (UC) framework, and by providing game-based definitions of security. We prove that our protocol realizes the ideal functionality in the random oracle model (ROM) under adaptive corruptions with erasures, and prove that security w.r.t. the ideal/real definition implies security w.r.t. the game-based definitions.
Proceedings Title
The Cryptographer's Track of the RSA Conference
Volume
12006
Conference Dates
February 24-28, 2020
Conference Location
San Francisco, CA
Conference Title
The Cryptographer's Track of the RSA Conference (CT-RSA 2020)

Keywords

Dictionary attacks, TMPS, Key derivation

Citation

Kelsey, J. , Dachman-Soled, D. , Sonmez, M. and Mishra, S. (2020), TMPS: Ticket-Mediated Password Strengthening, The Cryptographer's Track of the RSA Conference, San Francisco, CA, [online], https://doi.org/10.1007/978-3-030-40186-3_11 (Accessed April 21, 2021)
Created February 13, 2020, Updated August 26, 2020