{"title":"基于QR码的轻量级认证协议在云端使用密码学","authors":"Iulian Aciobanitei, Iulian Catalin Buhus, Mihai-Lica Pura","doi":"10.1109/SACI.2018.8440949","DOIUrl":null,"url":null,"abstract":"Secure communication and secure resource sharing using insecure networks, such as the Internet, are usually provided using authentication. The classical approach for user authentication is the username and password pair, which is known to be vulnerable to leaks created by various attack techniques (phishing, keystroke logger, web server database breaking, etc.). The main solution for this has been One Time Passwords, but they have the general disadvantage of needing additional specialized devices, that the user has to use and manage. New solutions have been lately proposed that use QR codes to distribute the authentication process between the computer, the smart phone of the user and the server to which she/he needs to authenticate. This paper makes a step further in distributing the authentication, by proposing the use of cloud cryptography in the process, thus relieving the smart phone from the burden of private key management and of performing high cost cryptographic operations. The paper describes the proposition through a proof-of-concept which is analyzed from the point of view of the advantages thus obtained.","PeriodicalId":126087,"journal":{"name":"2018 IEEE 12th International Symposium on Applied Computational Intelligence and Informatics (SACI)","volume":"22 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Using Cryptography in the Cloud for Lightweight Authentication Protocols Based on QR Codes\",\"authors\":\"Iulian Aciobanitei, Iulian Catalin Buhus, Mihai-Lica Pura\",\"doi\":\"10.1109/SACI.2018.8440949\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Secure communication and secure resource sharing using insecure networks, such as the Internet, are usually provided using authentication. The classical approach for user authentication is the username and password pair, which is known to be vulnerable to leaks created by various attack techniques (phishing, keystroke logger, web server database breaking, etc.). The main solution for this has been One Time Passwords, but they have the general disadvantage of needing additional specialized devices, that the user has to use and manage. New solutions have been lately proposed that use QR codes to distribute the authentication process between the computer, the smart phone of the user and the server to which she/he needs to authenticate. This paper makes a step further in distributing the authentication, by proposing the use of cloud cryptography in the process, thus relieving the smart phone from the burden of private key management and of performing high cost cryptographic operations. The paper describes the proposition through a proof-of-concept which is analyzed from the point of view of the advantages thus obtained.\",\"PeriodicalId\":126087,\"journal\":{\"name\":\"2018 IEEE 12th International Symposium on Applied Computational Intelligence and Informatics (SACI)\",\"volume\":\"22 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-05-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 IEEE 12th International Symposium on Applied Computational Intelligence and Informatics (SACI)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SACI.2018.8440949\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 IEEE 12th International Symposium on Applied Computational Intelligence and Informatics (SACI)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SACI.2018.8440949","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Using Cryptography in the Cloud for Lightweight Authentication Protocols Based on QR Codes
Secure communication and secure resource sharing using insecure networks, such as the Internet, are usually provided using authentication. The classical approach for user authentication is the username and password pair, which is known to be vulnerable to leaks created by various attack techniques (phishing, keystroke logger, web server database breaking, etc.). The main solution for this has been One Time Passwords, but they have the general disadvantage of needing additional specialized devices, that the user has to use and manage. New solutions have been lately proposed that use QR codes to distribute the authentication process between the computer, the smart phone of the user and the server to which she/he needs to authenticate. This paper makes a step further in distributing the authentication, by proposing the use of cloud cryptography in the process, thus relieving the smart phone from the burden of private key management and of performing high cost cryptographic operations. The paper describes the proposition through a proof-of-concept which is analyzed from the point of view of the advantages thus obtained.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
