Password typos resilience in honey encryption

Hoyul Choi; Hyunjae Nam; Junbeom Hur

doi:10.1109/ICOIN.2017.7899565

Password typos resilience in honey encryption

Hoyul Choi, Hyunjae Nam, Junbeom Hur

Department of Computer Science and Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

14 Citations (Scopus)

Abstract

Honey encryption (HE) is a novel password-based encryption scheme which is secure against brute-force attack even if users' passwords have min-entropy. However, because decryption under a wrong key produces fake but valid-looking messages to everyone, typos in password may confuse even legitimate users in HE. This has been one of the most challenging problems in HE. In this paper, we propose two types of protocols that enable legitimate users to detect the typos in a password. We compare and analyze the performance and security of each scheme. The analysis results show that the proposed schemes can effectively solve the typos problem in HE while providing message recovery security.

Original language	English
Title of host publication	31st International Conference on Information Networking, ICOIN 2017
Publisher	IEEE Computer Society
Pages	593-598
Number of pages	6
ISBN (Electronic)	9781509051243
DOIs	https://doi.org/10.1109/ICOIN.2017.7899565
Publication status	Published - 2017 Apr 13
Event	31st International Conference on Information Networking, ICOIN 2017 - Da Nang, Viet Nam Duration: 2017 Jan 11 → 2017 Jan 13

Publication series

Name	International Conference on Information Networking
ISSN (Print)	1976-7684

Other

Other	31st International Conference on Information Networking, ICOIN 2017
Country/Territory	Viet Nam
City	Da Nang
Period	17/1/11 → 17/1/13

Keywords

brute-force resilience
honey encryption
password typo
password-based encryption

ASJC Scopus subject areas

Computer Networks and Communications
Information Systems

Access to Document

10.1109/ICOIN.2017.7899565

Cite this

Choi, H, Nam, H & Hur, J 2017, Password typos resilience in honey encryption. in 31st International Conference on Information Networking, ICOIN 2017., 7899565, International Conference on Information Networking, IEEE Computer Society, pp. 593-598, 31st International Conference on Information Networking, ICOIN 2017, Da Nang, Viet Nam, 17/1/11. https://doi.org/10.1109/ICOIN.2017.7899565

@inproceedings{8150d3ebf8dd4cf0a6891e06231b7461,

title = "Password typos resilience in honey encryption",

abstract = "Honey encryption (HE) is a novel password-based encryption scheme which is secure against brute-force attack even if users' passwords have min-entropy. However, because decryption under a wrong key produces fake but valid-looking messages to everyone, typos in password may confuse even legitimate users in HE. This has been one of the most challenging problems in HE. In this paper, we propose two types of protocols that enable legitimate users to detect the typos in a password. We compare and analyze the performance and security of each scheme. The analysis results show that the proposed schemes can effectively solve the typos problem in HE while providing message recovery security.",

keywords = "brute-force resilience, honey encryption, password typo, password-based encryption",

author = "Hoyul Choi and Hyunjae Nam and Junbeom Hur",

note = "Publisher Copyright: {\textcopyright} 2017 IEEE.; 31st International Conference on Information Networking, ICOIN 2017 ; Conference date: 11-01-2017 Through 13-01-2017",

year = "2017",

month = apr,

day = "13",

doi = "10.1109/ICOIN.2017.7899565",

language = "English",

series = "International Conference on Information Networking",

publisher = "IEEE Computer Society",

pages = "593--598",

booktitle = "31st International Conference on Information Networking, ICOIN 2017",

}

TY - GEN

T1 - Password typos resilience in honey encryption

AU - Choi, Hoyul

AU - Nam, Hyunjae

AU - Hur, Junbeom

PY - 2017/4/13

Y1 - 2017/4/13

N2 - Honey encryption (HE) is a novel password-based encryption scheme which is secure against brute-force attack even if users' passwords have min-entropy. However, because decryption under a wrong key produces fake but valid-looking messages to everyone, typos in password may confuse even legitimate users in HE. This has been one of the most challenging problems in HE. In this paper, we propose two types of protocols that enable legitimate users to detect the typos in a password. We compare and analyze the performance and security of each scheme. The analysis results show that the proposed schemes can effectively solve the typos problem in HE while providing message recovery security.

AB - Honey encryption (HE) is a novel password-based encryption scheme which is secure against brute-force attack even if users' passwords have min-entropy. However, because decryption under a wrong key produces fake but valid-looking messages to everyone, typos in password may confuse even legitimate users in HE. This has been one of the most challenging problems in HE. In this paper, we propose two types of protocols that enable legitimate users to detect the typos in a password. We compare and analyze the performance and security of each scheme. The analysis results show that the proposed schemes can effectively solve the typos problem in HE while providing message recovery security.

KW - brute-force resilience

KW - honey encryption

KW - password typo

KW - password-based encryption

UR - http://www.scopus.com/inward/record.url?scp=85018247225&partnerID=8YFLogxK

U2 - 10.1109/ICOIN.2017.7899565

DO - 10.1109/ICOIN.2017.7899565

M3 - Conference contribution

AN - SCOPUS:85018247225

T3 - International Conference on Information Networking

SP - 593

EP - 598

BT - 31st International Conference on Information Networking, ICOIN 2017

PB - IEEE Computer Society

T2 - 31st International Conference on Information Networking, ICOIN 2017

Y2 - 11 January 2017 through 13 January 2017

ER -

Password typos resilience in honey encryption

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this