Secure set-based policy checking and its application to password registration

Changyu Dong, Franziskus Kiefer

Research output: Chapter in Book/Report/Conference proceedingConference contribution book

12 Downloads (Pure)


Policies are the corner stones of today's computer systems. They define secure states and safe operations. A common problem with policies is that their enforcement is often in con ict with user privacy. In order to check the satisfiability of a policy, a server usually needs to collect from a client some information which may be private. In this work we introduce the notion of secure set-based policy checking (SPC) that allows the server to verify policies while preserving the client's privacy. SPC is a generic protocol that can be applied in many policy-based systems. As an example, we show how to use SPC to build a password registration protocol so that a server can check whether a client's password is compliant with its password policy without seeing the password. We also analyse SPC and the password registration protocol and provide security proofs. To demonstrate the practicality of the proposed primitives, we report performance evaluation results based on a prototype implementation of the password registration protocol
Original languageEnglish
Title of host publicationCryptology and Network Security
Subtitle of host publication14th International Conference, CANS 2015, Marrakesh, Morocco, December 10-12, 2015, Proceedings
EditorsMichael Reiter , David Naccache
Number of pages16
Publication statusAccepted/In press - 21 Sep 2015

Publication series

NameSecurity and Cryptology
PublisherSpringer Verlag


  • passwords
  • password registration protocol
  • computer security
  • password policy
  • computer systems

Cite this