Update-Tolerant and Revocable Password Backup

  • Conference paper
Information Security and Privacy (ACISP 2017)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 10343)

Abstract

It is practically impossible for users to memorize a large portfolio of strong and individual passwords for their online accounts. A solution is to generate passwords randomly and store them. Yet, storing passwords instead of memorizing them bears the risk of loss, e.g., in situations where the device on which the passwords are stored is damaged, lost, or stolen. This makes the creation of backups of the passwords indispensable. However, placing such backups at secure locations, so that they too are protected from loss and unauthorized access, while keeping them up to date is an unsolved problem in practice.

We present PASCO, a backup solution for passwords that solves this challenge. PASCO backups need not be updated, even when the user’s password portfolio is changed. PASCO backups can be revoked without having physical access to them. This prevents password leakage, even when a user loses control over a backup. Additionally, we show how to extend PASCO to enable a fully controllable emergency access. It allows a user to give someone else access to his passwords in urgent situations.

Author information

Corresponding authors

Correspondence to Moritz Horsch, Johannes Braun, Dominique Metz or Johannes Buchmann.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Horsch, M., Braun, J., Metz, D., Buchmann, J. (2017). Update-Tolerant and Revocable Password Backup. In: Pieprzyk, J., Suriadi, S. (eds) Information Security and Privacy. ACISP 2017. Lecture Notes in Computer Science, vol 10343. Springer, Cham. https://doi.org/10.1007/978-3-319-59870-3_23

  • DOI: https://doi.org/10.1007/978-3-319-59870-3_23

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-59869-7

  • Online ISBN: 978-3-319-59870-3

  • eBook Packages: Computer Science, Computer Science (R0)
