Networked cryptographic devices resilient to capture

Abstract

We present a simple technique by which a device that performs private key operations (signatures or decryptions) in networked applications, and whose local private key is activated with a password or PIN, can be immunized to offline dictionary attacks in case the device is captured. Our techniques do not assume tamper resistance of the device, but rather exploit the networked nature of the device, in that the device''s private key operations are performed using a simple interaction with a remote server. This server, however, is untrusted---its compromise does not reduce the security of the device''s private key unless the device is also captured---and need not have a prior relationship with the device. We further extend this approach with support for "key disabling", by which the rightful owner of a stolen device can disable the device''s private key even if the attacker already knows the user''s password.