DPAC: A Reuse-Oriented Password Authentication Framework for Improving Password Security
Traditionally, password authentication is distributed to each application, so developers have to take countermeasures by themselves to defend passwords against various threats. This requires a great amount of effort, a lot of which is repetitive. The high cost poses a potential hindrance to the adoption of countermeasures. This paper proposes a new reuse-oriented password authentication framework, called Desktop Password Authentication Center (DPAC), to reuse counter-measures among applications, thus reducing the cost of defending passwords against threats. In DPAC, we move the task of authentication, as well as the responsibility for protecting passwords,from applications to a dedicated Authentication Center (AuthCenter), so that countermeasures only need to be taken in AuthCenter and afterwards are reused by all applications. This solution can eliminate a lot of repetitive work and reduce the cost significantly. We demonstrate the feasibility of DPAC by implementing a prototype, in which we migrate the widely used OpenSSH to DPAC and implement two example countermeasures.
Hua Wang Yao Guo Xiangqun Chen
Key Laboratory of High Confidence Software Technologies (Ministry of Education) Institute of Software, School of EECS, Peking University
国际会议
11th IEEE High Assurance Systems Engineering Symposium(HASE 2008)(第十一届IEEE高可信系统工程国际研讨会)
南京
英文
475-478
2008-12-03(万方平台首次上网日期,不代表论文的发表时间)