基于可信计算的口令管理方案

doi:10.13190/jbupt.200805.93.chenag

北京邮电大学学报 ›› 2008, Vol. 31 ›› Issue (5): 93-97.doi: 10.13190/jbupt.200805.93.chenag

基于可信计算的口令管理方案

陈爱国, 徐国爱, 杨义先

北京邮电大学网络与交换国家重点实验室, 北京 100876

收稿日期:2008-03-25 修回日期:1900-01-01 出版日期:2008-10-30 发布日期:2008-10-30
通讯作者: 陈爱国

Password Management Scheme Based on Trusted Computing
CHEN Ai-guo, XU Guo-ai, YANG Yi-xian

CHEN Ai-guo, XU Guo-ai, YANG Yi-xian

Information Security Center, State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China)

Received:2008-03-25 Revised:1900-01-01 Online:2008-10-30 Published:2008-10-30
Contact: CHEN Ai-guo

摘要/Abstract

摘要：

针对现有口令管理方案抗攻击能力和易用性方面的不足，提出了基于可信计算的口令管理方案. 该方案借助可信平台模块的密钥管理、安全存储和授权访问控制等关键技术实现了口令管理中敏感数据的安全保护，增强了口令计算过程的安全性. 通过与现有方案的对比，分析了该方案的安全性和易用性. 分析结果表明，本文的方案提高了口令的强度和易用性，并且能够抵抗网络钓鱼攻击.

关键词: 可信计算, 口令鉴别, 口令管理, 网络钓鱼

Abstract:

The existed password management methods are not secured enough but inconvenient to change each account password. Based on the key technologies of trusted computing, such as key management, security storage and authorized access control, a new password management scheme is proposed. This scheme helps users manage multiple accounts by turning a single memorized password into a different password for each account. The implementation of the scheme is discussed and compared its strength and usability to those of related approaches. Unlike previous approaches, our scheme is both highly resistant to brute force attacks and convenient to execute a password change for each password. It also can prevent phishing.

Key words: trusted computing, password authentication, password management, phishing

中图分类号:

TN309.2

陈爱国, 徐国爱, 杨义先. 基于可信计算的口令管理方案[J]. 北京邮电大学学报, 2008, 31(5): 93-97.

CHEN Ai-guo, XU Guo-ai, YANG Yi-xian. Password Management Scheme Based on Trusted Computing
CHEN Ai-guo, XU Guo-ai, YANG Yi-xian[J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2008, 31(5): 93-97.

参考文献

[1] Yan J, Blackwell A, Anderson R, et al. The memorability and security of passwords-some empirical results[Z]. : University of Cambridge Computer Laboratory, 2000.
[2] Hamilton S S, Carlisle M C, Hamilton J A. A global look at authentication//IWA'07. New York: IEEE SMC, 2007: 1-8.
[3] Gajek S, Sadeghi A R, Stuble C, et al. Compartmented security for browsers-or how to thwat a phisher with trusted computing//Proceedings of the 2nd International Conference on Availability, Reliability and Security. Washington D C: IEEE Computer Society, 2007: 120-127.
[4] Me G, Pirro D, Sarrecchia R. A mobile based approach to strong authentication on web//Proceedings of the International Multi-Conference on Computing in the Global Information Technology. Washington D C: IEEE Computer Society, 2006: 67-67.
[5] Schneier B. Password safe. . http://www.counterpane.com/passsafe.html.
[6] Gabber E, Gibbons P B, Matias Y, et al. How to make personalized web browsing simple, secure and anonymous//Proceedings of Financial Cryptography'97. Anguilla: Springer-Verlag, 1997: 17-31.
[7] Ross B, Jackson C, Miyake N, et al. Stronger password authentication using browser extensions//Proceedings of the 14th USENIX Security Symposium. California: USENIX Association Berkeley, 2005: 17-32.
[8] Halderman J A, Waters B, Felten E W. A convenient method for securely managing passwords//Proceedings of the 14th International Conference on World Wide Web. Chiba: ACM Press, 2005: 471-479.
[9] Yee K P, Sitaker K. Passpet: convenient password management and phishing protection//Proceedings of the Second Symposium on Usable Privacy and Security. New York: ACM, 2006: 32-43.
[10] Trusted Computing Group. TCG specification architecture overview specification. . http://www.trustedcomputinggroup.org.
[11] Trusted Computing Group. TCG software stack (TSS) specification. . http://www.trustedcomputinggroup.org.
[12] Trusted Computing Group. TPM main part 1 design principles specification. . http://www.trustedcomputinggroup.org.
[13] Emigh A. Online identity theft: phishing technology, chokepoints and countermeasures[Z]. : Radix Labs, 2005.

基于可信计算的口令管理方案

Password Management Scheme Based on Trusted Computing
CHEN Ai-guo, XU Guo-ai, YANG Yi-xian

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 5

编辑推荐

Metrics

本文评价

[1]	宋成, 李静, 彭维平, 贾宗璞, 刘志中. 基于双线性对的直接匿名认证方案[J]. 北京邮电大学学报, 2014, 37(6): 72-76.
[2]	吴旭, 许晋, 李春文, 刘川意. IaaS云虚拟机eID可信验证系统[J]. 北京邮电大学学报, 2014, 37(5): 85-90.
[3]	宋成，孙宇琼，彭维平，罗守山，辛阳,胡正名. 改进的直接匿名认证方案[J]. 北京邮电大学学报, 2011, 34(3): 62-65.
[4]	张明武杨波祝胜林. 可信模块隐私保护的自证明签密方案[J]. 北京邮电大学学报, 2009, 32(1): 60-64.
[5]	刘明辉1，辛阳1，杨义先1，李忠献1,2. 基于直接匿名认证的Card-not-Present支付系统[J]. 北京邮电大学学报, 2008, 31(4): 90-93.

基于可信计算的口令管理方案

Password Management Scheme Based on Trusted Computing CHEN Ai-guo, XU Guo-ai, YANG Yi-xian

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 5

编辑推荐

Metrics

本文评价

Password Management Scheme Based on Trusted Computing
CHEN Ai-guo, XU Guo-ai, YANG Yi-xian