A Secure Network Storage System with Information Privacy

A more realistic threat to cryptographic techniques (than breaking the underlying computational problems) is exposure of stored secrets, which may be secret keys, private keys, password verification data and/or password-encrypted keys. In this paper we propose a secure network storage system (NSS) that provides not only a higher level of security against exposure of stored secrets but also information privacy with respect to the servers involved. The assumption of the NSS protocol is that a client remembers his password and stores an additional secret on insecure devices. We also analyze the security of the NSS protocol, followed by some discussion of whether the assumption is reasonable or not.
