Update-tolerant and Revocable Password Backup
Date: July 3 2017
Publication: Australasian Conference on Information Security and Privacy, ACISP 2017 / Lecture Notes in Computer Science, Vol 10343
Page(s): 390 - 397
Source 1: https://arxiv.org/abs/1704.02883
Source 2: https://dx.doi.org/10.1007/978-3-319-59870-3_23 - Subscription or payment required
Abstract or Summary:
It is practically impossible for users to memorize a large portfolio of strong and individual passwords for their online accounts. A solution is to generate passwords randomly and store them. Yet, storing passwords instead of memorizing them bears the risk of loss, e.g., in situations where the device on which the passwords are stored is damaged, lost, or stolen. This makes the creation of backups of the passwords indispensable. However, placing such backups at secure locations to protect them as well from loss and unauthorized access and keeping them up-to-date at the same time is an unsolved problem in practice.
We present PASCO, a backup solution for passwords that solves this challenge. PASCO backups need not to be updated, even when the userís password portfolio is changed. PASCO backups can be revoked without having physical access to them. This prevents password leakage, even when a user loses control over a backup. Additionally, we show how to extend PASCO to enable a fully controllable emergency access. It allows a user to give someone else access to his passwords in urgent situations.
Do you have additional information to contribute regarding this research paper? If so, please email firstname.lastname@example.org with the details.