论文信息 - Implementing Strong Authentication Interoperability with Legacy Systems

Implementing Strong Authentication Interoperability with Legacy Systems

In a WWW environment, users need to come up with passwords for a lot of different services, e.g. in the area of e-commerce. These authentication secrets need to be unrelated if the user does not want to make himself vulnerable to insider attacks. This leads to a large number of passwords that a user has to generate, memorize, and remember. This password management is quite straining for users. Single sign on systems provide a solution for this dilemma. However, existing solutions often require the implementation of specific interfaces by the individual service providers, and usually do not support existing strong authentication factors, e.g. smart cards, without protocol extensions or modification of implementations. In this paper we propose a different approach that generates strong passwords using electronic signatures. Our approach builds on existing smart card infrastructures to achieve strong authentication, while at the same time it provides an interface to legacy password authentication systems.

Jan Zibuschka | Heiko Rossnagel | Heiko Rossnagel | Jan Zibuschka

[1] M. Angela Sasse,et al. Making Passwords Secure and Usable , 1997, BCS HCI.

[2] N. Economides. The Economics of Networks , 1995 .

[3] A. Karp. Site-Specific Passwords , 2003 .

[4] Adi Shamir,et al. A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[5] Yossi Matias,et al. How to Make Personalized Web Browising Simple, Secure, and Anonymous , 1997, Financial Cryptography.

[6] Brent Waters,et al. A convenient method for securely managing passwords , 2005, WWW '05.

[7] Dan Boneh,et al. Stronger Password Authentication Using Browser Extensions , 2005, USENIX Security Symposium.

[8] R. A. Sibley,et al. The SLANG system , 1961, CACM.

[9] Bart Preneel,et al. Introduction to the Belgian EID Card: BELPIC , 2004, EuroPKI.

[10] Helmut Schneider,et al. The domino effect of password reuse , 2004, CACM.

[11] Rolf Oppliger,et al. Why have public key infrastructures failed so far? , 2005, Internet Res..

[12] Dan Boneh,et al. Proceedings of the 11th USENIX Security Symposium , 2002 .