Zhao Mingwei,Ji Xiaoyu,Jiang Rongan

DOI: https://doi.org/10.3969/j.issn.1000-386X.2009.05.085

2009-01-01

Abstract:Compared with traditional static password system,the identity authentication system with dynamic password is more secure.Based on ElGamal's private key cryptosystem and challenge-response mechanism,this paper presents a new identity authentication scheme with dynamic password which integrates the smart card and the fingerprint features.The bidirectional authentication between the clients and the server is also achieved.This scheme is effective in preventing reply attack and masquerade attack.

ZHU Chang-sheng,LIU Peng-hui,WANG Qing-rong,CAO Lai-cheng

DOI: https://doi.org/10.3724/sp.j.1087.2011.01862

2011-01-01

Journal of Computer Applications

Abstract:How to keep mutual anonymity between two entities is one of the critical issues for Trusted Computation(TC).According to the characteristics of TC,an efficient password-based authenticated key exchange scheme was proposed.Adopting threshold cryptography and fuzzy ID set,the scheme achieved mutual anonymity between user and server sharing ID set.On the premise of secure hashing,the analysis and the proving procedure based on the Random Oracle Model(ROM) show this scheme is secure against dictionary attack and resource-depletion DoS(Denial-of-Service) attack under the computational Diffie-Hellman intractability assumption.This scheme effectively preserves the user's privacy and server's privacy,and compared with other schemes such as VIET et al.'s scheme,it is more efficient.

Mingwei Zhao,Xiaochen Yu

DOI: https://doi.org/10.3969/j.issn.1000-386x.2015.10.076

2015-01-01

Abstract:Compared with traditional static password identity authentication technology,the identity authentication system with dynamic password is more secure.Current schemes of dynamic password authentication have difficulties in heavy computation load and key storage because of the use of the public key encryption system mostly.In view of this,we propose a new identity authentication scheme with dynamic password which combines hash function,symmetric encryption mechanism and Challenge /Response mechanism.At the same time,we carry out the performance test and analysis on the scheme.Experimental results show that the scheme not only realises mutual authentication between server and clients under the network environment,but also has the advantages of high safety,strong practicability,low cost etc., which can be used as the identity authentication in most insecure network channels.

谭良,徐志伟

DOI: https://doi.org/10.3969/j.issn.1002-137x.2008.10.003

2008-01-01

Computer Science

Abstract:The issue of the transitive trusted chain is the foundation for trusted computing.This paper surveys the technologies and the theories of the transitive trusted chain,including the technology projects of the transitive trusted chain,the technologies of the trust for measurement,the theories of the transitive trusted chain and the trust for measurement.Some fields are worthy to be explored are pointed out including some key technologies,such as the static trust for measurement and the dynamic trust for measurement,and some foundation theories,such as the level model of the trusted chain,the trust loss model and the theory of the dynamic trust for measurement for software,and so on.

Haojie Lu

2009-01-01

Abstract:User authentication is mostly carried out by sending a pair of username and password to the server in insecure network,since most users have not a certificate.Just based on this fact,some attacks are achieved.The method of phishing and the common mechanism of protecting key are analyzed,and an authentication scheme employing trusted computing technology is proposed.Since the scheme combines protected storage,authentication chain,and password partition etc,thieving only the password will not have an affect on user security.In the end,the proposed approach is proven to protect against phishing attacks.

Zhi-Yu Peng,Shan-Ping Li

DOI: https://doi.org/10.1109/icmlc.2008.4620616

2008-01-01

Abstract:As pervasive computing leading to an increased collection of information in the computational world as well as the real world, privacy leaking becomes a serious issue. Although privacy protection has drawn great attention in recent years, the privacy-preserving trust management has not been brought forward. Credential chain discovery problem is the key issue in trust management, and traditionally credentials are full open in the whole system. This could expose users' access control policies as well as other private information, and leads to a great risk of being cheated by malicious users. This paper advocates a privacy-preserving credential chain discovery mechanism, in which credentials are no longer available to everyone. By merely learning credentials of one's logic neighbors, this mechanism still achieves good results. The simulations show that this mechanism is practical.

刘端阳,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2004.01.006

2004-01-01

Abstract:With the development of collaboration among enterprises, it is very desirable to securely exchange information between PDMs through Internet. The original user/password mechanism is very weak, unsecure and inflexible. And also,authorization based on PKC(public key certificate) cannot satisfy the temporary relations between enterprises. In order to satisfy the demand of secure information exchanges between enterprises, according with the genernal security management model of PDM system, This paper designed an AC(attribute certificate) model based on PKC. The model was based on TTP architecture to achieve trust between enterprises and automation of enterprises' collaboration, and reduced the startup cost. And it provides not only reliable authentication and data protection, but also flexible access control and secure audit, and effectively implements information exchanges between enterprises. The new model can be well used in the fields of automobile manufacture,electronics,mechanics and so on.

Jianqing Fu,Jian Chen,Rong Fan,XiaoPing Chen,Lingdi Ping

DOI: https://doi.org/10.1109/wcse.2009.731

2009-01-01

Abstract:With the widespread use of mobile devices, authentication and privacy of identification become important issues. We analyzed the security flaws and shortcomings of a delegation-based authentication protocol which was proposed by Caimu Tang, et al., and provided an improved protocol. We use elliptic-curve cryptography and hash chain to ensure the safety of system in our scheme. The research results reveal that the improved protocol can not only corrects the security flaws but also improve the efficiency of key management and reduce the computational load.

Lei Han,Jiqiang Liu,Zhen Han,Xueye Wei

DOI: https://doi.org/10.1007/s11704-011-9180-4

2011-05-14

Frontiers of Computer Science in China

Abstract:In today’s globalized digital world, network-based, mobile, and interactive collaborations have enabled work platforms of personal computers to cross multiple geographical boundaries. The new requirements of privacy-preservation, sensitive information sharing, portability, remote attestation, and robust security create new problems in system design and implementation. There are critical demands for highly secure work platforms and security enhancing mechanisms for ensuring privacy protection, component integrity, sealed storage, and remote attestation of platforms. Trusted computing is a promising technology for enhancing the security of a platform using a trusted platform module (TPM). TPM is a tamper-resistant microcontroller designed to provide robust security capabilities for computing platforms. It typically is affixed to the motherboard with a low pin count (LPC) bus. However, it limited in that TPM cannot be used directly in current common personal computers (PCs), and TPM is not flexible and portable enough to be used in different platforms because of its interface with the PC and its certificate and key structure. For these reasons, we propose a portable trusted platform module (PTPM) scheme to build a trusted platform for the common PC based on a single cryptographic chip with a universal serial bus (USB) interface and extensible firmware interface (EFI), by which platforms can get a similar degree of security protection in general-purpose systems. We show the structure of certificates and keys, which can bind to platforms via a PTPM and provide users with portability and flexibility in different platforms while still allowing the user and platform to be protected and attested. The implementation of prototype system is described in detail and the performance of the PTPM on cryptographic operations and time-costs of the system bootstrap are evaluated and analyzed. The results of experiments show that PTPM has high performances for supporting trusted computing and it can be used flexibly and portably by the user.

Hua Wang,Yao Guo,Xia Zhao,Xiangqun Chen

DOI: https://doi.org/10.1109/AINA.2008.109

2008-01-01

Abstract:TPM is able to provide strong secure storage for sensitive data such as passwords. Although several commercial password managers have used TPM to cache passwords, they are not capable of protecting passwords during verification. This paper proposes a new TPM-based password caching and verification method called PwdCaVe. In addition to using TPM in password caching, PwdCaVe also uses TPM during password verification. In PwdCaVe, all password-related computations are performed in the TPM. PwdCaVe guarantees that once a password is cached in the TPM, it will be protected by the TPM through the rest of its lifetime, thus eliminating the possibility that passwords might be attacked in memory. A prototype of PwdCaVe is implemented on Linux to demonstrate its feasibility.

Song Luo,Jianbin Hu,Zhong Chen

DOI: https://doi.org/10.1109/nswctc.2009.287

2009-01-01

Abstract:Password authentication is one of the simplest and the most convenient authentication mechanisms over insecure networks. One-time password authentication which uses dynamic password helps to enhance the security of password. In this paper, we suggest a new one-time password scheme using the smart card based on the bilinear pairings. By generating temporary identity, our scheme can provide anonymity in authentication process to protect the user's privacy. Based on the Computational Diffie-Hellman Problem, we show that the proposed scheme is secure against forgery attack and ID attack under the random oracle model.

Xuelian Cao,Zheng Yang,Jianting Ning,Chenglu Jin,Rongxing Lu,Zhiming Liu,Jianying Zhou

DOI: https://doi.org/10.1109/tifs.2024.3386350

IF: 7.231

2024-05-10

IEEE Transactions on Information Forensics and Security

Abstract:Group time-based one-time passwords (GTOTP) is a novel lightweight cryptographic primitive for achieving anonymous client authentication, which enables the efficient generation of time-based one-time passwords on behalf of a group without revealing any information about the actual client's identity beyond their group membership. The security properties of GTOTP regarding anonymity and traceability have been formulated in a static group management setting (where all group members should be determined during the group initialization phase), yet, a formal treatment for real-world dynamic groups (i.e., group members may join and leave at any time) is still an open question. It is non-trivial to construct an efficient GTOTP scheme that can provide a lightweight password generation procedure run by group members and support dynamic group management, allowing group members to join and leave without affecting other members' states (non-disruptively). To address the above challenge, we first define the notion and the security model of dynamic group time-based one-time passwords (DGTOTP) in this work. We then present an efficient DGTOTP construction that can generically transform an asymmetric time-based one-time passwords scheme into a DGTOTP scheme utilizing a chameleon hash function family and a Merkle tree scheme. Within our construction, we particularly tailor an outsourcing solution realizing an issue-first-and-join-later (IFJL) strategy, enabling smooth joining and revocation without disrupting other group members. Moreover, our scheme minimizes symmetric cryptographic operations and maintains constant storage for group members, compared to the linear storage cost that grows rapidly with respect to the lifetime of the GTOTP instance in the previous static GTOTP scheme. Our DGTOTP scheme satisfies stronger security guarantees in a dynamic group management setting without random oracles. Our experimental results confirm the efficiency of our DGTOTP scheme.

computer science, theory & methods,engineering, electrical & electronic

Ma Limin,Zhu Yuesheng

2014-01-01

Abstract:As an important trust third-party authentication protocol, Kerberos is widely deployed to provide authentication service in distributed networks. However, it is vulnerable to some attacks such as password guessing attack and replay attack. PKINIT is an enhanced Kerberos protocol based on public key cryptography to resist these attacks. However, it requires excessive computation and communication resources. A new scheme based on one-time password (OTP) mechanism is proposed and implemented to improve the security and computation efficiency of Kerberos protocol in this paper. Experiment results demonstrate that the proposed scheme can enhance the security of Kerberos and reduce 32.3% time of initial authentication exchange and is easier to be deployed than PKINIT. © 2014 ISSN 1881-803X.

Zhi Guan,Huiping Sun,Zhong Chen,Xianghao Nan

DOI: https://doi.org/10.1109/ICYCS.2008.523

2008-01-01

Abstract:In spite of many advantages the identity-based cryptosystem provides over traditional public key based cryptosystem, the paradigm requires frequently user authentication and secure channel for private key issue, which have handicapped its wide acceptance and restrict its usage to a small and closed groups where a central trusted authority exists and is easily accessible. In this paper we propose a framework based on the Trusted Computing (TC) techniques to improve the efficiency of private key issue in identity-based cryptosystem. We take the Trusted Platform Module (TPM) as a local trusted authority for key extraction. The model, scheme and a survey on how to implement popular identity-based key issue on TPM are given. The security and performance analysis are provided, together with implementation issues for several popular identity-based cryptographic schemes.

T.V. Laptyeva,S. Flach,K. Kladko

DOI: https://doi.org/10.1209/0295-5075/95/50007

2011-07-01

Abstract:Vulnerabilities related to weak passwords are a pressing global economic and security issue. We report a novel, simple, and effective approach to address the weak password problem. Building upon chaotic dynamics, criticality at phase transitions, CAPTCHA recognition, and computational round-off errors we design an algorithm that strengthens security of passwords. The core idea of our method is to split a long and secure password into two components. The first component is memorized by the user. The second component is transformed into a CAPTCHA image and then protected using evolution of a two-dimensional dynamical system close to a phase transition, in such a way that standard brute-force attacks become ineffective. We expect our approach to have wide applications for authentication and encryption technologies.

Cryptography and Security,Other Condensed Matter,Chaotic Dynamics

Limin Guo,Qing Li,Lihui Wang,Zhimin Zhang,Dan Liu,Weijun Shan

DOI: https://doi.org/10.2991/iset-15.2015.28

2015-01-01

Abstract:Dynamic password technology is one of the most widely utilized methods for identity authentication. The security of dynamic password system depends on the cryptographic strength of the underlying hash function. And SM3 is the only standard hash algorithm of China. However, most cryptographic algorithm implementations are vulnerable against side channel attacks. But specific side channel attacks on dynamic password token based on SM3 hash function have not been given so far. This paper presents a differential power analysis attack on dynamic password token based on SM3 algorithm. SM3 hash algorithm is based on the mixing of different algebraic operations, such as XOR and addition modulo 2(32), thus the proposed DPA attack is mainly against these basic group operations. Experimental results are given by attacking an implementation of generating dynamic password using SM3 algorithm in a smart card, which demonstrate the feasibility of such attacks described in this paper.

Xiao-xiang JIAN,Hong GAO,Wen-huang LIU

DOI: https://doi.org/10.3321/j.issn:1002-8331.2006.36.022

2006-01-01

Abstract:According to the coming of the global information age,trusted computing improved from fault-tolerance computing,fault detection,redundancy backup technique to trusted computing software and hardware platforms.This article analyzes the limitation of current trusted computing platform based on integrated TPM,and discusses methods using portable TPM to solve current problems.A trusted computing model and its implementation is presented,which is based on the portable TPM.

Shukun Yang,Shouling Ji,Raheem Beyah

DOI: https://doi.org/10.1109/tifs.2017.2737971

IF: 7.231

2018-01-01

IEEE Transactions on Information Forensics and Security

Abstract:To keep password users from creating simple and common passwords, major websites and applications provide a password-strength measure, namely a password checker. While critical requirements for a password checker to be stringent have prevailed in the study of password security, we show that regardless of the stringency, such static checkers can leak information and actually help the adversary enhance the performance of their attacks. To address this weakness, we propose and devise the Dynamic Password Policy Generator, namely DPPG, to be an effective and usable alternative to the existing password strength checker. DPPG aims to enforce an evenly-distributed password space and generate dynamic policies for users to create passwords that are diverse and that contribute to the overall security of the password database. Since DPPG is modular and can function with different underlying metrics for policy generation, we further introduce a diversity-based password security metric that evaluates the security of a password database in terms of password space and distribution. The metric is useful as a countermeasure to well-crafted offline cracking algorithms and theoretically illustrates why DPPG works well.

Limin Guo,Lihui Wang,Qing Li,Jun Yu,Peng Luo

DOI: https://doi.org/10.1109/cis.2015.92

2015-01-01

Abstract:Dynamic password technology is widely utilized for identity authentication, which depends on using hash functions, such as SM3. And SM3 hash algorithm is based on the mixing of different group operations, such as XOR and addition modulo 232. In this paper, we present two original first-order differential power analysis attacks on dynamic password token based on SM3 algorithm. The two proposed DPA attacks are against XOR and addition modulo 232 operation respectively. Experimental results show that dynamic password token based on SM3 algorithm is vulnerable to side channel attacks, no matter implemented in software or hardware. We also provide a masked implementation of the algorithm, which is designed to avoid those proposed attacks.

毛剑,韦韬,陈昱,邹维

DOI: https://doi.org/10.3321/j.issn:1671-8836.2008.05.020

2008-01-01

Abstract:We propose a trusted computing module based secure electronic transaction architecture,which uses trusted equipment as the identity authentication and transaction authorization terminal.The new framework binds authentication and authorization in e-transaction operations and guarantees the secure sensitive operation is executed properly in an independent,trusted,auditable environment.Our approach thwarts Man-in-the-Middle attacks,protects a user's account even in the presence of most spywares like keyloggers and fends off the authorization hijack attacks efficiently.