基于数字令牌的远程管理

2017 International Conference on Public Key Infrastructure and its Applications (PKIA) Pub Date : 2017-11-01 DOI:10.1109/PKIA.2017.8278962

A. Pandey, B. Rajendran, B. Bindhumadhava

{"title":"基于数字令牌的远程管理","authors":"A. Pandey, B. Rajendran, B. Bindhumadhava","doi":"10.1109/PKIA.2017.8278962","DOIUrl":null,"url":null,"abstract":"Remote administration i.e. controlling a computer from remote location is becoming increasingly common. To avoid constant manual intervention in allowing access (voluntary) to the system and monitor the activities; token based access can be granted, however the tokens can be replayed and attackers may also extract the token and use it to impersonate as authentic users. In this paper we use concept of digital token for remote authentication of an authorized user without man-in-the-loop approach. The proposed method will not only mitigate replay attack, but also prevent impersonation attempts. It can also be attached to a user account, so as to control permissions and subsequent authorizations during the remote session. The integration of digital token in TLS layer is out of scope of this paper.","PeriodicalId":393622,"journal":{"name":"2017 International Conference on Public Key Infrastructure and its Applications (PKIA)","volume":"20 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Digital token based remote administration\",\"authors\":\"A. Pandey, B. Rajendran, B. Bindhumadhava\",\"doi\":\"10.1109/PKIA.2017.8278962\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Remote administration i.e. controlling a computer from remote location is becoming increasingly common. To avoid constant manual intervention in allowing access (voluntary) to the system and monitor the activities; token based access can be granted, however the tokens can be replayed and attackers may also extract the token and use it to impersonate as authentic users. In this paper we use concept of digital token for remote authentication of an authorized user without man-in-the-loop approach. The proposed method will not only mitigate replay attack, but also prevent impersonation attempts. It can also be attached to a user account, so as to control permissions and subsequent authorizations during the remote session. The integration of digital token in TLS layer is out of scope of this paper.\",\"PeriodicalId\":393622,\"journal\":{\"name\":\"2017 International Conference on Public Key Infrastructure and its Applications (PKIA)\",\"volume\":\"20 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-11-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 International Conference on Public Key Infrastructure and its Applications (PKIA)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/PKIA.2017.8278962\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 International Conference on Public Key Infrastructure and its Applications (PKIA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/PKIA.2017.8278962","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

摘要

远程管理，即从远程位置控制计算机正变得越来越普遍。在允许(自愿)进入系统和监控活动时，避免持续的人工干预;可以授予基于令牌的访问权限，但是可以重放令牌，攻击者也可以提取令牌并使用它来冒充真实用户。本文采用数字令牌的概念对授权用户进行远程认证，而不采用人在环方法。提出的方法不仅可以减轻重放攻击，还可以防止冒充企图。它还可以附加到用户帐户上，以便在远程会话期间控制权限和后续授权。数字令牌在TLS层中的集成不在本文的讨论范围之内。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Digital token based remote administration

Remote administration i.e. controlling a computer from remote location is becoming increasingly common. To avoid constant manual intervention in allowing access (voluntary) to the system and monitor the activities; token based access can be granted, however the tokens can be replayed and attackers may also extract the token and use it to impersonate as authentic users. In this paper we use concept of digital token for remote authentication of an authorized user without man-in-the-loop approach. The proposed method will not only mitigate replay attack, but also prevent impersonation attempts. It can also be attached to a user account, so as to control permissions and subsequent authorizations during the remote session. The integration of digital token in TLS layer is out of scope of this paper.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2017 International Conference on Public Key Infrastructure and its Applications (PKIA)

自引率

0.00%

发文量