Secure and Efficient Key Derivation in Portfolio Authentication Schemes Using Blakley Secret Sharing
Authors: Peter Mayer, Melanie Volkamer

Date: December 7 2015
Publication: Proceedings of the 31st Annual Computer Security Applications Conference (ASAC 2015)
Page(s): 431 - 440
Publisher: ACM
Source 1:
Source 2: - Subscription or payment required

Abstract or Summary:
The ubiquitous usage of mobile devices in public spaces increases the risk of falling victim to shoulder surfing attacks, i.e. being observed by others during authentication. A promising approach to mitigating such shoulder surfing risks is portfolio authentication. It requires only an authorized subset of the password as input during each authentication attempt. One open challenge regarding portfolio authentication is how to securely and efficiently verify that a user input is actually an authorized subset of the password. In this paper we propose the (t, n)-threshold verification scheme, a novel scheme using Blakley secret sharing to provide secure verification of all authorized subsets of the password. Due to the lack of a viable alternative, we evaluate the efficiency of the (t, n)-threshold verification scheme in comparison to a naive approach. In terms of storage, the (t, n)-threshold verification scheme outperforms the naive approach in all settings and it offers lower computation times in most settings. Note: Project page:

Do you have additional information to contribute regarding this research paper? If so, please email with the details.

<-- Back to Authentication Research Paper Index

[Home] [About Us] [News] [Research]

Copyright © 2019