Secure password-based authenticated key exchange for web services

机译：安全的基于密码的Web服务验证密钥交换

获取原文

获取原文并翻译 | 示例

页面导航

摘要
著录项
相似文献
相关主题

摘要

This paper discusses an implementation of an authenticated key-exchange method rendered on message primitives defined in the WS-Trust and WS-SecureConversation specifications. This IEEE-specified cryptographic method (AuthA) is proven-secure for password-based authentication and key exchange, while the WS-Trust and WS-SecureConversation are emerging Web Services Security specifications that extend the WS-Security specification. A prototype of the presented protocol is integrated in the WS-ResourceFramework-compliant Globus Toolkit V4. Further hardening of the implementation is expected to result in a version that will be shipped with future Globus Toolkit releases. This could help address the current unavailability of decent shared-secret-based authentication options in the Web Services and Grid world. Future work will be to integrate One-Time-Password (OTP) features in the authentication protocol.

机译：本文讨论了在WS-Trust和WS-SecureConversation规范中定义的消息原语上呈现的经过身份验证的密钥交换方法的实现。这种IEEE指定的加密方法（AuthA）已被证明是安全的，用于基于密码的身份验证和密钥交换，而WS-Trust和WS-SecureConversation是新兴的Web服务安全规范，它扩展了WS-Security规范。所提供协议的原型已集成在符合WS-ResourceFramework的Globus Toolkit V4中。预计实施的进一步强化将导致将来的Globus Toolkit版本中将附带该版本。这可以帮助解决Web服务和网格世界中当前基于体面的基于共享秘密的身份验证选项不可用的问题。未来的工作将是在身份验证协议中集成一次性密码（OTP）功能。

著录项

来源
《Proceedings of the 2004 workshop on Secure web service》|2004年|P.9-15|共7页
会议地点 Fairfax VA(US)
作者
Liang Fang; Samuel Meder; Olivier Chevassut; Frank Siebenlist;
展开▼
作者单位

Indiana University;

University of Chicago;

Lawrence Berkeley National Laboratory;

Argonne National Laboratory;

展开▼
会议组织
原文格式 PDF
正文语种 eng
中图分类计算机网络;
关键词
web services;

机译：网页服务;

相似文献

外文文献
中文文献
专利

1. An Enhanced and Secure Three-Party Password-based Authenticated Key Exchange Protocol without Using Server's Public-Keys and Symmetric Cryptosystems [J] . Farash M. S., Attari M. A. Engineering Economics . 2014,第2期

机译：无需使用服务器的公钥和对称密码系统的增强的安全的，基于三方密码的身份验证密钥交换协议
2. A provably secure and efficient two-party password-based explicit authenticated key exchange protocol resistance to password guessing attacks [J] . Mohammad Sabzinejad Farash, SK Hafizul Islam, Mohammad S. Obaidat Concurrency and computation: practice and experience . 2015,第17期

机译：经过验证的安全有效的基于两方密码的显式身份验证密钥交换协议，可抵抗密码猜测攻击
3. A provably secure and efficient two-party password-based explicit authenticated key exchange protocol resistance to password guessing attacks [J] . Mohammad Sabzinejad Farash, SK Hafizul Islam, Mohammad S. Obaidat Concurrency and computation: practice and experience . 2015,第17期

机译：一种可透明的安全和有效的双方密码的明确经验验证的密钥交换协议对密码猜测攻击
4. Secure password-based authenticated key exchange for web services [C] . Liang Fang, Samuel Meder, Olivier Chevassut, Workshop on Secure web service . 2004

机译：基于密码的基于密码的经过身份验证的Web服务密钥交换
5. Secure sockets layer certificate vulnerabilities: An examination of challenges affecting authentication of secure websites. [D] . Anderson, David P. 2013

机译：安全套接字层证书漏洞：检查影响安全网站身份验证的挑战。
6. A Provably Secure Revocable ID-Based Authenticated Group Key Exchange Protocol with Identifying Malicious Participants [O] . Tsu-Yang Wu, Tung-Tso Tsai, Yuh-Min Tseng -1

机译：识别恶意参与者的基于安全可撤销的基于ID的经过身份验证的组密钥交换协议
7. Secure Password-Based Authenticated Key Exchange For Web Services [O] . Liang Fang, Samuel Meder, Olivier Chevassut, 2004

机译：基于密码的安全密钥交换Web服务

Secure password-based authenticated key exchange for web services

摘要

著录项

相似文献

相关主题

期刊订阅