Intrusion-Tolerant Password-Enabled PKI
Author
Abstract
Password-enabled PKI facilitates private key management by integrating easy-to-use passwords into PKI. In the first PKI research workshop, Sandhu et al. categorized password-enabled PKI schemes as virtual soft tokens and virtual smartcards [26]. Compared to conventional PKI, password-enabled PKI introduces a security-critical server where a large number of password-related credentials are stored. The compromise of this server will render these password-based credentials susceptible to dictionary attack and, thus, damage the security of numerous private keys. In this article, using multiple servers, we propose an intrusion-tolerant virtual soft token scheme and an intrusion-tolerant virtual smartcard scheme. In our schemes, compromising up to a threshold number of these servers will not help an attacker mount a dictionary attack and, compared to previous work, our schemes can still function in the presence of some server failures. The multiple servers introduced in our intrusion-tolerant password-enabled PKI can be easily managed, and PKI users can roam with human-memorable passwords.
Similar sources
1st Annual PKI Research Workshop---Proceedings
Recently there has been considerable interest among PKI vendors and researchers in the concept of password-enabled PKI. Several viable proposals and products have emerged. Fundamentally there are two distinct methods for using passwords with private keys. One method is to use the password to retrieve a private key, while the other uses the password as one component of the private key. We motiva...
Securing the Networked e-Business Throughout an Internet Distributed Organization
This paper explores an Internet-based VPN solution, built upon IPSec, which combines tunneling with PKI authentication and encryption. To protect the valuable company resources, an efficient intrusion/misuse detection and response system was incorporated into the deployed security solution. This approach enabled a large-scale customer to provide their global e-business safely. As a result, an integrat...
An Intrusion-Tolerant Password Authentication System
In a password-based authentication system, to authenticate a user, a server typically stores password verification data (PVD), which is a value derived from the user’s password using publicly known functions. For those users whose passwords fall within an attacker’s dictionary, their PVDs, if stolen (for example, through server compromise), will allow the attacker to mount off-line dictionary a...
Usability challenges of PKI
Introduction Contrary to analysts’ forecasts we heard some years ago, PKI (public key infrastructure) has not become a widespread technology yet. An important reason for this is the insufficient usability PKI-enabled applications are often blamed for [11]. Users’ behavior has turned out to be the biggest risk in security software [10], so usability issues deserve closer attention. Research in t...
Wireless PKI and Distributed IDS for Securing Intranets and M-Commerce
Recent R/D advances are presented in this keynote address on wireless and security technologies. To access Internet from mobile devices, the existing public key infrastructure (PKI) must be modified to work with limited wireless network bandwidth and low computing and memory capacity of handheld devices. A complete security chain is needed from smart cards to mobile clients, wireless PKI (WPKI)...