期刊文献+

基于动态密码和入侵容忍的身份认证方案 被引量:7

Solution of Identity Authentication Based on Dynamic Password and Intrusion-Tolerant
下载PDF
导出
摘要 传统的身份认证仅采用静态密码,且只有唯一的认证服务器为用户提供服务。其缺点是:静态密码很容易被攻破;若认证服务器被攻破或发生故障,就不能及时地为用户提供服务甚至导致用户信息的永久丢失,这在证券或银行等交易系统中是无法接受的。因此迫切需要一种更安全有效的认证方案。本文提出的把动态密码和入侵容忍技术结合起来的方案,可以较好地解决用户密码被攻破以及认证服务器被入侵或破坏所带来的安全问题。 In traditional identity authentication, only static passwords were employed. Besides, only one authentication server was utilized for offering service to customers. There are two disadvantages in the above scheme, static password can be easily broken; if the authentication server was breached or broken down, it wouldn't offer the usual service to customers in time, and even result the loss of customers' information forever. Hence, it is necessary to find a more effective identify authentication scheme. By combining dynamic password with intrusion-tolerant technique, this paper presents a new identity authentication scheme that can effectively cope with the problems caused by both the breach of password and broken down of some authentication servers.
出处 《华东理工大学学报(自然科学版)》 CAS CSCD 北大核心 2009年第4期596-599,共4页 Journal of East China University of Science and Technology
基金 国家高技术研究发展计划(863)(02006AA10Z315) 超细材料制备与应用教育部重点实验室基金项目
关键词 静态密码 动态密码 入侵容忍 身份认证 static password dynamic password intrusion-tolerant identify authentication
  • 相关文献

参考文献5

二级参考文献16

  • 1Ammann P, Jajodia S,McCollum C D,et al. Surviving information warfare attacks on database [A]. Proceedings of the IEEE symposium on security and privacy[C].New York:IEEE, 1997.164-174.
  • 2Liu P, Jajodia S. Muliti-phase damage connement in database systems for intrusion tolerance[A].Proc 14th IEEE computer security foundations workshop[C].New York:IEEE,2001.191-205.
  • 3Liu P.Architecturesforintrusiontolerant database systems[C].San Diego California,2002.
  • 4Wu T. A real-world analysis of Kerberos password security [A]. In Proceedings of the 1999 Network and Distributed System Security Symposium [C]. San Diego, California: NDSS, 1999.97-111.
  • 5Jaynarayan H L. Organically Assured and Survivable Information System (OASIS)[DB/OL].http://www. tolerantsystems.org/, Auguest 2003.
  • 6Kopetz H, Verissimo P. Real Time and Dependability Concepts [M]. New York: Addison-Wesley, 1993.
  • 7Wang F, Gong F, Jou F, et al. SITAR: A scalable intrusion tolerance architecture for distributed service [A]. Proceedings of the 2001 IEEE Workshop on Information Assurance and Security [C]. New York: United States Military Academy, West Point, 2001.38-45.
  • 8Wang X, Heydarri M H. An Intrusion-Tolerant Password Authentication System [A]. 19th Annual Computer Security Applications Conference[C]. New Orleans, Louisiana: IEEE, 2003. 110.
  • 9Shamir A. How to share a secret [J]. Communications of the ACM, 1979, 22(11): 612-613.
  • 10Wu T.A Real-world Analysis of Kerberos Password Security[C].Proc.of Network and Distributed System Security Symposium,San Diego,Calif.,1999.

共引文献23

同被引文献76

引证文献7

二级引证文献21

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部