论文信息 - Introducing smartcards to remote authenticate passwords using public key encryption

Introducing smartcards to remote authenticate passwords using public key encryption

Password authentication is one of the most popular local and remote authentication methods. This can be done by sharing a password between peers. At the operating system server, the passwords file must be protected against any attack. Actually, almost all operating systems protect this file using one way functions like MD5 or symmetric algorithms such as DES. The Unix password protection scheme is an example of a security mechanism making use of one way functions. The problem here is that a directed dictionary attack can almost always succeed in breaking the password using a simple work station. We propose a new approach based on asymmetric encryption algorithms and the smartcards technology to allow passwords file protection and to prohibit middlemen from having the password during its transit over the connection.

P. Urien | M. Badra

[1] Z. Chen. Java Card Technology for Smart Cards: Architecture and Programmer''s Guide. The Java Series. Addis , 2000 .

[2] Jessica Staddon,et al. PKCS #1: RSA Cryptography Specifications Version 2.0 , 1998, RFC.

[3] M. Lassus. Smart-cards-a cost-effective solution against electronic fraud , 1997 .

[4] W. Douglas Maughan,et al. Internet Security Association and Key Management Protocol (ISAKMP) , 1998, RFC.

[5] Philip R. Karn,et al. Photuris: Extended Schemes and Attributes , 1999, RFC.

[6] Ronald L. Rivest,et al. The MD5 Message-Digest Algorithm , 1992, RFC.

[7] Dutreix. Unix - administration systeme - aix, hp-ux, solaris, linux , 2003 .

[8] Eric Rescorla,et al. SSL and TLS: Designing and Building Secure Systems , 2000 .

[9] Steven M. Bellovin,et al. Encrypted key exchange: password-based protocols secure against dictionary attacks , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[10] Stewart S. Miller. Wi-Fi Security , 2003 .