Перевод названия: Password authentication with implementation of dynamic keys
Тип публикации: статья из журнала
Год издания: 2016
Ключевые слова: аутентификация, многоразовые пароли, хеш-функция, хранение пароля, разделение секрета, authentication, Hash functions, passwords, password storage, secret sharing
Аннотация: Многоразовые пароли - самый популярный способ аутентификации на сегодняшний день, однако при этом - самый небезопасный. В данной работе представлен метод аутентификации с использованием многоразовых паролей, существенно усложняющий реализацию атак, следствием которых является получение информации, достаточной для подбора паролей. СПоказать полностьюуть метода - «размывание» пароля пользователя на множестве узлов в сети. Authentication still remains one of the major problems in information security. There is a large number of solutions aimed at providing security of authentication. Some of the solutions are intended to ensure that authentication data are impossible to be compromised by accessing the transfer channel for authentication data (class A attacks). Other types of security methods protect authentication data in their storage (class B attacks). Authentication by username and password is currently the most widely used authentication method. Passwords are stored on a server with implementation of one-way hash functions. Password hash can be cracked by brute force enumeration, which allows successful class B attacks. The paper presents a password identification method, which does not involve storing passwords in one centralized place. Passwords are split in many parts that are stored on separate computers on the Internet. Assuming that one or several computers of such network are compromised it will not result in disclosure of any useful authentication data. Hence, remote nodes may be untrusted and all internet users can become participants of the data exchange. The solution presented in this paper provides a multiple increase of user password security against class B attacks even should an adversary succeed in cracking the server and a part of the network nodes. DKAuth is the practical implementation of the presented technology. The above solutions were tested as an authentication service. The data obtained evidence that the DKAuth Protocol can be used even in applications with high operation loads.
Журнал: Прикладная информатика
Выпуск журнала: Т. 11, № 6
Номера страниц: 108-120
ISSN журнала: 19938314
Место издания: Москва
Издатель: Негосударственное образовательное частное учреждение высшего образования "Московский финансово-промышленный университет "Синергия"