Security Analysis of Password-Authenticated Key Retrieval

The problem of safely storing client's long-term static keys (e.g., symmetric keys, signature keys for digital signatures or decryption keys for public-key encryptions) can be addressed with credential services (including cloud services or SSO (Single Sign-On)), which also solve many usability constraints for clients. Consider a roaming client who accesses a network from different locations in order to retrieve their static keys (e.g., for temporal use of PKI (Public-Key Infrastructures)). This kind of roaming model can be supported by a credentials server that authenticates the client and then assists in downloading static keys for the client.

Provided by: International Association for Cryptologic Research Topic: Security Date Added: Oct 2013 Format: PDF

Find By Topic