Password Management Scheme Based on Trusted Computing 
CHEN Ai-guo, XU Guo-ai, YANG Yi-xian

doi:10.13190/jbupt.200805.93.chenag

JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM ›› 2008, Vol. 31 ›› Issue (5): 93-97.doi: 10.13190/jbupt.200805.93.chenag

• Reports • Previous Articles Next Articles

Password Management Scheme Based on Trusted Computing
CHEN Ai-guo, XU Guo-ai, YANG Yi-xian

CHEN Ai-guo, XU Guo-ai, YANG Yi-xian

Information Security Center, State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China)

Received:2008-03-25 Revised:1900-01-01 Online:2008-10-30 Published:2008-10-30
Contact: CHEN Ai-guo

Abstract

Abstract:

The existed password management methods are not secured enough but inconvenient to change each account password. Based on the key technologies of trusted computing, such as key management, security storage and authorized access control, a new password management scheme is proposed. This scheme helps users manage multiple accounts by turning a single memorized password into a different password for each account. The implementation of the scheme is discussed and compared its strength and usability to those of related approaches. Unlike previous approaches, our scheme is both highly resistant to brute force attacks and convenient to execute a password change for each password. It also can prevent phishing.

Key words: trusted computing, password authentication, password management, phishing

CLC Number:

TN309.2

CHEN Ai-guo, XU Guo-ai, YANG Yi-xian. Password Management Scheme Based on Trusted Computing
CHEN Ai-guo, XU Guo-ai, YANG Yi-xian[J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2008, 31(5): 93-97.

References

[1] Yan J, Blackwell A, Anderson R, et al. The memorability and security of passwords-some empirical results[Z]. : University of Cambridge Computer Laboratory, 2000.
[2] Hamilton S S, Carlisle M C, Hamilton J A. A global look at authentication//IWA'07. New York: IEEE SMC, 2007: 1-8.
[3] Gajek S, Sadeghi A R, Stuble C, et al. Compartmented security for browsers-or how to thwat a phisher with trusted computing//Proceedings of the 2nd International Conference on Availability, Reliability and Security. Washington D C: IEEE Computer Society, 2007: 120-127.
[4] Me G, Pirro D, Sarrecchia R. A mobile based approach to strong authentication on web//Proceedings of the International Multi-Conference on Computing in the Global Information Technology. Washington D C: IEEE Computer Society, 2006: 67-67.
[5] Schneier B. Password safe. . http://www.counterpane.com/passsafe.html.
[6] Gabber E, Gibbons P B, Matias Y, et al. How to make personalized web browsing simple, secure and anonymous//Proceedings of Financial Cryptography'97. Anguilla: Springer-Verlag, 1997: 17-31.
[7] Ross B, Jackson C, Miyake N, et al. Stronger password authentication using browser extensions//Proceedings of the 14th USENIX Security Symposium. California: USENIX Association Berkeley, 2005: 17-32.
[8] Halderman J A, Waters B, Felten E W. A convenient method for securely managing passwords//Proceedings of the 14th International Conference on World Wide Web. Chiba: ACM Press, 2005: 471-479.
[9] Yee K P, Sitaker K. Passpet: convenient password management and phishing protection//Proceedings of the Second Symposium on Usable Privacy and Security. New York: ACM, 2006: 32-43.
[10] Trusted Computing Group. TCG specification architecture overview specification. . http://www.trustedcomputinggroup.org.
[11] Trusted Computing Group. TCG software stack (TSS) specification. . http://www.trustedcomputinggroup.org.
[12] Trusted Computing Group. TPM main part 1 design principles specification. . http://www.trustedcomputinggroup.org.
[13] Emigh A. Online identity theft: phishing technology, chokepoints and countermeasures[Z]. : Radix Labs, 2005.

Password Management Scheme Based on Trusted Computing
CHEN Ai-guo, XU Guo-ai, YANG Yi-xian

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 3

Recommended Articles

Metrics

Comments

[1]	SONG Cheng, LI Jing, PENG Wei-ping, JIA Zong-pu, LIU Zhi-zhong. Research on Direct Anonymous Attestation Scheme Based on Bilinear Pairing [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2014, 37(6): 72-76.
[2]	. Improved Direct Anonymous Attestation Scheme [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2011, 34(3): 62-65.
[3]	. Privacy Preserving Self-certified Signcryption Scheme in Trusted Modules [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2009, 32(1): 60-64.

Password Management Scheme Based on Trusted Computing CHEN Ai-guo, XU Guo-ai, YANG Yi-xian

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 3

Recommended Articles

Metrics

Comments

Password Management Scheme Based on Trusted Computing
CHEN Ai-guo, XU Guo-ai, YANG Yi-xian