PROTECTING POORLY CHOSEN SECRETS FROM GUESSING ATTACKS

被引:193
作者
GONG, L
LOMAS, MA
NEEDHAM, RM
SALTZER, JH
机构
[1] UNIV CAMBRIDGE,COMP LAB,CAMBRIDGE CB2 3QG,ENGLAND
[2] MIT,COMP SCI LAB,CAMBRIDGE,MA 02139
来源
IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS | 1993年 / 11卷 / 05期
关键词
D O I
10.1109/49.223865
中图分类号
TM [电工技术]; TN [电子技术、通信技术];
学科分类号
0808 ; 0809 ;
摘要
In a security system that allows people to choose their own passwords, those people tend to choose passwords that can be easily guessed. This weakness exists in practically all widely used systems. Instead of forcing users to choose well-chosen secrets, which are likely to be difficult to remember, we propose solutions that maintain both user convenience and a high level of security at the same time. The basic idea is to ensure that data available to the attacker is sufficiently unpredictable to prevent an off-line verification of whether a guess is successful or not. We examine common forms of guessing attacks, develop examples of cryptographic protocols that are immune to such attacks, and suggest a systematic way to examine protocols to detect vulnerabilities to such attacks.
引用
收藏
页码:648 / 656
页数:9
相关论文
共 29 条
[1]  
AHO AV, 1974, DESIGN ANAL COMPUTER, P195
[2]  
BELLOVIN SM, 1992, MAY P IEEE COMP SOC, P72
[3]   NEW DIRECTIONS IN CRYPTOGRAPHY [J].
DIFFIE, W ;
HELLMAN, ME .
IEEE TRANSACTIONS ON INFORMATION THEORY, 1976, 22 (06) :644-654
[4]  
FELDMEIER DC, LECTURE NOTES COMPUT, V435, P44
[5]  
GONG L, 1990, THESIS U CAMBRIDGE
[6]  
GONG L, 1990, ACM COMPUTER COMM RE, V20, P18
[7]  
Gong L., 1992, ACM OPERATING SYST R, V26, P49
[8]  
GONG L, 1990, JUN P IEEE INFOCOM 9, P686
[9]  
KAHN D, 1967, CODEBACKERS
[10]  
KLEIN D, 1990, 2 USENIX SEC WORKSH, P5
123