Contributions to Proceedings:

M. Maffei, M. Reinert, R. Lai, C. Egger, S. Chow, D. Schröder:
"Simple Password Hardened Encryption Services";
in: "Proceedings of the 27th USENIX Security Symposium", 27th; issued by: USENIX Association Berkley, CA, USA; USENIX, 2018, ISBN: 978-1-931971-46-1, 1405 - 1421.

English abstract:
Passwords and access control remain the popular choice
for protecting sensitive data stored online, despite their
well-known vulnerability to brute-force attacks. A natu-
ral solution is to use encryption. Although standard prac-
tices of using encryption somewhat alleviate the prob-
lem, decryption is often needed for utility, and keeping
the decryption key within reach is obviously dangerous.
To address this seemingly unavoidable problem in
data security, we propose password-hardened encryp-
tion (PHE). With the help of an external crypto server,
a service provider can recover the user data encrypted
by PHE only when an end user supplied a correct pass-
word. PHE inherits the security features of password-
hardening (Usenix Security 15), adding protection for
the user data. In particular, the crypto server does not
learn any information about any user data. More impor-
tantly, both the crypto server and the service provider can
rotate their secret keys, a proactive security mechanism
mandated by the Payment Card Industry Data Security
Standard (PCI DSS).
We build an extremely simple password-hardened en-
cryption scheme. Compared with the state-of-the-art
password-hardening scheme (Usenix Security 17), our
scheme only uses minimal number-theoretic operations
and is, therefore, 30% - 50% more efficient. In fact, our
extensive experimental evaluation demonstrates that our
scheme can handle more than 525 encryption and (suc-
cessful) decryption requests per second per core, which
shows that it is lightweight and readily deployable in
large-scale systems. Regarding security, our scheme also
achieves a stronger soundness property, which puts less
trust on the good behavior of the crypto server.

Password, Encryption, Hardened, Simple

Electronic version of the publication:

Created from the Publication Database of the Vienna University of Technology.