{"id":597484,"date":"2019-06-24T00:00:16","date_gmt":"2019-06-24T07:00:16","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/research\/?post_type=msr-research-item&p=597484"},"modified":"2019-07-17T12:33:32","modified_gmt":"2019-07-17T19:33:32","slug":"pasta-password-based-threshold-authentication","status":"publish","type":"msr-video","link":"https:\/\/www.microsoft.com\/en-us\/research\/video\/pasta-password-based-threshold-authentication\/","title":{"rendered":"PASTA: PASsword-based Threshold Authentication"},"content":{"rendered":"
We introduce and formalize a new notion of password-based threshold token authentication, which protects password-based authentication against single point of failures. Specifically, we distribute the role of a single server among n servers and allow any t servers to collectively verify clients’ passwords and generate tokens, while no t-1 servers can forge a valid token or mount offline dictionary attacks. We then introduce PASTA, a general framework wherein clients can sign on using a two-round (optimal) protocol that meets our strong security guarantees.<\/p>\n
Our experiments show that the overhead of protecting secrets and credentials against breaches in PASTA, i.e. compared to a naive single-server solution, is extremely low (1-5%) in the most likely setting where client and servers communicate over the internet. The overhead is higher in case of MAC-based tokens over a LAN (though still only a few milliseconds) due to public-key operations in PASTA. We show, however, that this cost is inherent by proving a symmetric-key only solution impossible.<\/p>\n
Based on joint work with Shashank Agrawal, Payman Mohassel, and Pratyay Mukherjee: https:\/\/eprint.iacr.org\/2018\/885.pdf<\/a>.<\/p>\n