Tandem: Securing Keys by Using a Central Server While Preserving Privacy

Wouter Lueks, Brinda Hampiholi, Greg Alpár, Carmela Troncoso
Proceedings on Privacy Enhancing Technologies, pages 327-355
Abstract: Users’ devices, e.g., smartphones or laptops, are typically incapable of securely storing and processing cryptographic keys. We present Tandem, a novel set of protocols for securing cryptographic keys with support from a central server. Tandem uses one-time-use key-share tokens to preserve users’ privacy with respect to a malicious central server. Additionally, Tandem enables users to block their keys if they lose their device, and it enables the server to limit how often an adversary…

UPPRESSO: Untraceable and Unlinkable Privacy-PREserving Single Sign-On Services

This paper proposes a privacy-preserving SSO system, called UPPRESSO, to protect a user’s login activities against both the curious IdP and collusive RPs, and converts the SSO privacy problems into an identity transformation challenge.



Networked cryptographic devices resilient to capture

  • P. MacKenzie, M. Reiter
  • Computer Science, Mathematics
    Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001
  • 2001
A simple technique by which a device that performs private key operations in networked applications and whose local private key is activated with a password or PIN can be immunized to offline dictionary attacks in case the device is captured is presented.

Virtual Smart Cards: How to Sign with a Password and a Server

It is argued that the Pass2Sign protocol offers comparable security to trusted hardware, but without its inconveniences, and it is proved secure in the universal composability (UC) framework in a very strong adaptive corruption model where, unlike standard UC, the adversary does not obtain past inputs and outputs upon corrupting a party.

Threshold Single Password Authentication

Three previous studies provide solutions secure against offline dictionary attacks by additionally employing a storage provider (either a cloud storage or a mobile device for portability), and these works provide solutions where offline dictionary attacks are impossible as long as the adversary does not corrupt both the login server and the storage provider.

How to win the clonewars: efficient periodic n-times anonymous authentication

A credential system that lets a user anonymously authenticate at most $n$ times in a single time period, based on e-cash, which can use existing techniques to identify a cheating user, trace all of her e-tokens, and revoke her dispensers.

Single password authentication

Server-Supported RSA Signatures for Mobile Devices

A new method for shared RSA signing between the user and the server so that the server alone is unable to create valid signatures and the composite RSA signature “looks like” an ordinary RSA signature and verifies with standard crypto-libraries.

Secure enrollment and practical migration for mobile trusted execution environments

It is argued that current mobile device architectures do not facilitate secure enrollment and migration for system-wide TEEs, and possible architecture changes are outlined that would enable the realization of secure and practical enrollment, and thus enable more widespread secure deployment of various mobile security services.

Stronger Password Authentication Using Browser Extensions

We describe a browser extension, PwdHash, that transparently produces a different password for each site, improving web password security and defending against password phishing and other attacks.

Get Shorty via Group Signatures without Encryption

This paper proposes a group signature scheme with the shortest known signature size and favorably comparing computation time, whilst still offering a strong and practically relevant security level that guarantees secure opening of signatures, protection against a cheating authority, and support for dynamic groups.

PEREA: Practical TTP-free revocation of repeatedly misbehaving anonymous users

PEREA, a new anonymous authentication scheme for which the time complexity of authentication is linear in the size of a revocation window, is extended to support more complex revocation policies that take the severity of misbehaviors into account and is called PEREA-Naughtiness.