基于可信计算的口令管理方案被引量：4

Password Management Scheme Based on Trusted Computing

下载PDF

导出

摘要针对现有口令管理方案抗攻击能力和易用性方面的不足.提出了基于可信计算的口令管理方案.该方案借助可信平台模块的密钥管理、安全存储和授权访问控制等关键技术实现了口令管理中敏感数据的安全保护。增强了口令计算过程的安全性.通过与现有方案的对比,分析了该方案的安全性和易用性.结果表明,该方案能提高口令的强度和易用性,并且能够抵抗网络钓鱼攻击. The existed password management methods are not secured enough but inconvenient to change each account password. Based on the key technologies of trusted computing, such as key management, security storage and authorized access control, a new password management scheme is proposed. This scheme helps users manage multiple accounts by turning a single memorized password into a different password for each account. The implementation of the scheme is discussed and compared its strength and usability to those of related approaches. Unlike previous approaches, our scheme is both highly resistant to brute force attacks and convenient to execute a password change for each password. It also can prevent phishing.

作者陈爱国徐国爱杨义先

机构地区北京邮电大学灾备技术国家工程实验室

出处《北京邮电大学学报》 EI CAS CSCD 北大核心 2008年第5期93-97,共5页 Journal of Beijing University of Posts and Telecommunications

基金国家"973计划"项目(2007CB310704)

关键词可信计算口令鉴别口令管理网络钓鱼 trusted computing password authentication password management phishing

分类号 TN309.2 [电子电信—物理电子学]

引文网络
相关文献

参考文献13

1Yan J, Blackwell A, Anderson R, et al. The memorability and security of passwords-some empirical results [ Z ]. [S. l. ] : University of Cambridge Computer Laboratory,2000.
2Hamilton S S, Carlisle M C, Hamilton J A. A global look at authentication [C] // IWA' 07. New York: IEEE SMC, 2007: 1-8.
3Gajek S, Sadeghi A R, Stuble C, et al. Compartmented security for browsers-or how to thwat a phisher with trusted computing [ C] // Proceedings of the 2nd International Conference on Availability, Reliability and Security. Washington D C: IEEE Computer Society, 2007: 120-127.
4Me G, Pirro D, Sarrecchia R. A mobile based approach to strong authentication on web[ C] // Proceedings of the International Multi-Conference on Computing in the Global Information Technology. Washington D C: IEEE Computer Society, 2006: 67-67.
5Schneier B. Password safe [ EB/OL ]. [ 2008-02-17 ]. http://www, counterpane, com/passsafe, html.
6Gabber E, Gibbons P B, Matias Y, et al. How to make personalized web browsing simple, secure and anonymous [C] // Proceedings of Financial Cryptography' 97. Anguilla: Springer-Verlag, 1997: 17-31.
7Ross B, Jackson C, Miyake N, et al. Stronger password authentication using browser extensions[C]//Proceedings of the 14th USENIX Security Symposium. California: USENIX Association Berkeley, 2005: 17-32.
8Halderman J A, Waters B, Felten E W. A convenient method for securely managing passwords [ C ]//Proceedings of the 14th International Conference on World Wide Web. Chiba: ACM Press, 2005:471-479.
9Yee K P, Sitaker K. Passpet: convenient password management and phishing protection[C]//Proceedings of the Second Symposium on Usable Privacy and Security. New York: ACM, 2006: 32-43.
10Trusted Computing Group. TCG specification architecture overview specification [ EB/OL ]. [ 2007-08-02 ]. http://www, trustedcomputinggroup, org.

同被引文献31

1章勤,陈春润,羌卫中,刘英书.基于网格环境的可信计算平台共享模型[J].华中科技大学学报（自然科学版）,2007,35(12):5-8. 被引量：5
2林闯,彭雪海.可信网络研究[J].计算机学报,2005,28(5):751-758. 被引量：253
3郑宇,何大可,梅其祥.支持可信计算的软件保护模型[J].西南交通大学学报,2006,41(1):63-67. 被引量：7
4GUAN S Y,DONG X S,WU W G,et al.Trust management and service selection in pervasive computing environments[C] // Proceedings of International Conference on Computational Intelligence and Security Workshops.Washington,DC:IEEE,2007:620 -623.
5TCG.TPM Specification Version 1.1[EB/OL].[2009-06-20].http://www.trustedcomputinggroup.org.
6BRICKELL E,CAMENISCH J,CHEN L Q.Direct anonymous attestation[C] // Proceedings of ACM Conference on Computer and Communications Security.New York:ACM,2004:132 -145.
7TCG.TCG Specification Architecture Overview.Vereionl.4[EB/OL].[2009-08-02].http://www.trustedcomputinggroup.org/.
8BRIZEK J,KHAN M,SEIFERT J P,et al.A platform-level trust architecture for hand-held devices[C] // Proceedings of 2005 Workshop on Cryptographic Advances in Secure Hardware.New York:ACM,2005.
9EISENBARTH T,G(U)EYSU T,PAAR C,et al.Reconfigurable trusted computing in hardware[C] // Proceedings of the 2007 ACM workshop on Scalable trusted computing.New York:ACM,2007:15-20.
10DIETRICH K.An integrated architecture for trusted computing for Java enabled embedded devices[C] // Proceedings of the 2007 ACM Workshop on Scalable Trusted Computing.New York:ACM,2007:2-6.

引证文献4

1刘帮涛,罗敏,陈爱国,尹德辉.一种基于可信计算的动态口令机制[J].华中科技大学学报（自然科学版）,2013,41(S1):383-387.
2周毅,郑雪峰,于义科.可信计算环境下基于进化理论的层信任模型实现[J].电信科学,2010,26(6):86-94.
3周毅,郑雪峰,于义科.基于进化理论的层信任模型研究与实现[J].计算机应用,2010,30(8):2114-2119.
4HE Yuchen,WANG Rui,SHI Wenchang.Implementation of a TPM-Based Security Enhanced Browser Password Manager[J].Wuhan University Journal of Natural Sciences,2016,21(1):56-62. 被引量：1

二级引证文献1

1蔡莹.企业内网中的数据隔离与交换技术探索[J].科技资讯,2017,15(5):23-24.

1王毅,王力行,张磊,韩伟力.基于蓝牙智能手机的口令管理技术研究[J].计算机应用与软件,2009,26(12):268-270.
2王艳红,孙曙光.浅谈S12的PASSWORD管理[J].山东通信技术,2000(4):25-28.
3《中国移动信息系统集中账号口令管理（4A）技术要求》完成评审[J].中国数据通信,2005,7(2):128-128.
4孔令伟.仿冒防御技术在IPv6环境下的研究[J].中国科教创新导刊,2008(3):101-101.
5安玉山.预防5ESS口令意外失效的办法[J].山东通信技术,1997(4):36-37.
6祁明.关于口令鉴别方案的几点注记[J].密码与信息,1995(4):42-44.
7王燕.重庆电信开展互联网安全评估加固工作[J].重庆通信业,2005(1):54-54.
8鲁义轩.应对网络钓鱼艾司隆提出5措施强化信息安全[J].通信世界,2011(32):41-41.
9李佳君.你知道如何安全地使用手机吗?[J].保密工作,2015,0(6):52-53.
10ZDNet.身份盗用:企业面临的风险[J].网络与信息,2011,25(11):66-66.

北京邮电大学学报

2008年第5期

浏览历史

内容加载中请稍等...

基于可信计算的口令管理方案被引量：4

参考文献13

同被引文献31

引证文献4

二级引证文献1

相关作者

相关机构

相关主题

浏览历史

基于可信计算的口令管理方案 被引量：4

参考文献13

同被引文献31

引证文献4

二级引证文献1

相关作者

相关机构

相关主题

浏览历史

基于可信计算的口令管理方案被引量：4