• 主题
高级搜索  >
历史搜索 清空历史
首页> 外文期刊>Parallel and Distributed Systems, IEEE Transactions on >Further Observations on Smart-Card-Based Password-Authenticated Key Agreement in Distributed Systems
【24h】

Further Observations on Smart-Card-Based Password-Authenticated Key Agreement in Distributed Systems

机译:对分布式系统中基于智能卡的密码验证密钥协议的进一步观察

获取原文
获取原文并翻译 | 示例
           
页面导航
  • 摘要
  • 著录项
  • 相似文献
  • 相关主题

摘要

This paper initiates the study of two specific security threats on smart-card-based password authentication in distributed systems. Smart-card-based password authentication is one of the most commonly used security mechanisms to determine the identity of a remote client, who must hold a valid smart card and the corresponding password to carry out a successful authentication with the server. The authentication is usually integrated with a key establishment protocol and yields smart-card-based password-authenticated key agreement. Using two recently proposed protocols as case studies, we demonstrate two new types of adversaries with smart card: 1) adversaries with pre-computed data stored in the smart card, and 2) adversaries with different data (with respect to different time slots) stored in the smart card. These threats, though realistic in distributed systems, have never been studied in the literature. In addition to point out the vulnerabilities, we propose the countermeasures to thwart the security threats and secure the protocols.
机译:本文启动了对分布式系统中基于智能卡的密码身份验证的两种特定安全威胁的研究。基于智能卡的密码身份验证是确定远程客户端身份的最常用的安全性机制之一,远程客户端必须持有有效的智能卡和相应的密码才能对服务器进行成功的身份验证。身份验证通常与密钥建立协议集成,并产生基于智能卡的密码身份验证密钥协议。使用两个最近提出的协议作为案例研究,我们展示了两种新型的智能卡对手:1)带有预先计算的数据存储在智能卡中的对手,以及2)带有不同数据(针对不同时隙)的对手在智能卡中。这些威胁尽管在分布式系统中是现实的,但从未在文献中进行过研究。除了指出漏洞之外,我们还提出了应对措施,以阻止安全威胁并保护协议。

著录项

相似文献

  • 外文文献
  • 中文文献
  • 专利
获取原文

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有

  • 客服微信

  • 服务号