Publikation:

Breaking Randomized Linear Generation Functions Based Virtual Password System

Vorschaubild

Dateien

Li_4_ICC2010.pdf
Li_4_ICC2010.pdfGröße: 129.36 KBDownloads: 319

Datum

2010

Autor:innen

Khayam, Syed Ali
Sadeghi, Ahmad-Reza
Schmitz, Roland

Herausgeber:innen

Kontakt

ISSN der Zeitschrift

Electronic ISSN

ISBN

Bibliografische Daten

Verlag

Schriftenreihe

Auflagebezeichnung

URI (zitierfähiger Link)
http://nbn-resolving.de/urn:nbn:de:bsz:352-opus-127392
DOI (zitierfähiger Link)
https://doi.org/10.1109/ICC.2010.5502416
ArXiv-ID

Internationale Patentnummer

Link zur Lizenz
Urheberrechtlich geschützt

Angaben zur Forschungsförderung

Projekt

Open Access-Veröffentlichung
Open Access Green

Sammlungen

Informatik und Informationswissenschaft: Publikationen
Zukunftskolleg: Publikationen
Core Facility der Universität Konstanz

Gesperrt bis

Titel in einer weiteren Sprache

Publikationstyp
Beitrag zu einem Konferenzband
Publikationsstatus
Published

Erschienen in

2010 IEEE International Conference on Communications. IEEE, 2010, pp. 1-6. ISBN 978-1-4244-6402-9. Available under: doi: 10.1109/ICC.2010.5502416

Zusammenfassung

In ICC2008 and subsequent work, Lei et al. proposed a user authentication system (virtual password system), which is claimed to be secure against identity theft attacks, including phishing, keylogging and shoulder surfing. Their authentication system is a challenge-response protocol based on a randomized linear generation function, which uses a random integer in the responses of each login session to offer security against assorted attacks. In this paper we show that their virtual password system is insecure and vulnerable to multiple attacks. We show that with high probability an attacker can recover an equivalent password with only two (or a few more) observed login sessions. We also give a brief survey of the related work and discuss the main challenges in designing user authentication methods secure against identity theft.

Zusammenfassung in einer weiteren Sprache

Fachgebiet (DDC)
004 Informatik

Schlagwörter

Konferenz

ICC 2010 - 2010 IEEE International Conference on Communications, 23. Mai 2010 - 27. Mai 2010, Cape Town, South Africa
Rezension
undefined / . - undefined, undefined

Forschungsvorhaben

Organisationseinheiten

Zeitschriftenheft

Zugehörige Datensätze in KOPS

Zitieren

ISO 690LI, Shujun, Syed Ali KHAYAM, Ahmad-Reza SADEGHI, Roland SCHMITZ, 2010. Breaking Randomized Linear Generation Functions Based Virtual Password System. ICC 2010 - 2010 IEEE International Conference on Communications. Cape Town, South Africa, 23. Mai 2010 - 27. Mai 2010. In: 2010 IEEE International Conference on Communications. IEEE, 2010, pp. 1-6. ISBN 978-1-4244-6402-9. Available under: doi: 10.1109/ICC.2010.5502416
BibTex
@inproceedings{Li2010-05Break-6389,
  year={2010},
  doi={10.1109/ICC.2010.5502416},
  title={Breaking Randomized Linear Generation Functions Based Virtual Password System},
  isbn={978-1-4244-6402-9},
  publisher={IEEE},
  booktitle={2010 IEEE International Conference on Communications},
  pages={1--6},
  author={Li, Shujun and Khayam, Syed Ali and Sadeghi, Ahmad-Reza and Schmitz, Roland}
}
RDF
<rdf:RDF
    xmlns:dcterms="http://purl.org/dc/terms/"
    xmlns:dc="http://purl.org/dc/elements/1.1/"
    xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
    xmlns:bibo="http://purl.org/ontology/bibo/"
    xmlns:dspace="http://digital-repositories.org/ontologies/dspace/0.1.0#"
    xmlns:foaf="http://xmlns.com/foaf/0.1/"
    xmlns:void="http://rdfs.org/ns/void#"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema#" > 
  <rdf:Description rdf:about="https://kops.uni-konstanz.de/server/rdf/resource/123456789/6389">
    <dc:rights>terms-of-use</dc:rights>
    <dcterms:rights rdf:resource="https://rightsstatements.org/page/InC/1.0/"/>
    <dcterms:available rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2011-03-24T16:12:23Z</dcterms:available>
    <dspace:isPartOfCollection rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/>
    <dcterms:hasPart rdf:resource="https://kops.uni-konstanz.de/bitstream/123456789/6389/1/Li_4_ICC2010.pdf"/>
    <foaf:homepage rdf:resource="http://localhost:8080/"/>
    <dc:creator>Khayam, Syed Ali</dc:creator>
    <dcterms:bibliographicCitation>First publ. in: 2010 IEEE International Conference on Communications : (ICC 2010) ; Cape Town, South Africa, 23 - 27 May 2010. Piscataway, NJ : IEEE, 2010, pp. 1- 6</dcterms:bibliographicCitation>
    <bibo:uri rdf:resource="http://kops.uni-konstanz.de/handle/123456789/6389"/>
    <dspace:isPartOfCollection rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/52"/>
    <dc:contributor>Khayam, Syed Ali</dc:contributor>
    <dc:date rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2011-03-24T16:12:23Z</dc:date>
    <dc:creator>Sadeghi, Ahmad-Reza</dc:creator>
    <dc:contributor>Sadeghi, Ahmad-Reza</dc:contributor>
    <dc:creator>Schmitz, Roland</dc:creator>
    <dcterms:abstract xml:lang="eng">In ICC2008 and subsequent work, Lei et al. proposed a user authentication system (virtual password system), which is claimed to be secure against identity theft attacks, including phishing, keylogging and shoulder surfing. Their authentication system is a challenge-response protocol based on a randomized linear generation function, which uses a random integer in the responses of each login session to offer security against assorted attacks. In this paper we show that their virtual password system is insecure and vulnerable to multiple attacks. We show that with high probability an attacker can recover an equivalent password with only two (or a few more) observed login sessions. We also give a brief survey of the related work and discuss the main challenges in designing user authentication methods secure against identity theft.</dcterms:abstract>
    <dcterms:title>Breaking Randomized Linear Generation Functions Based Virtual Password System</dcterms:title>
    <dc:creator>Li, Shujun</dc:creator>
    <dcterms:isPartOf rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/52"/>
    <dcterms:isPartOf rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/>
    <dspace:hasBitstream rdf:resource="https://kops.uni-konstanz.de/bitstream/123456789/6389/1/Li_4_ICC2010.pdf"/>
    <dcterms:issued>2010-05</dcterms:issued>
    <void:sparqlEndpoint rdf:resource="http://localhost/fuseki/dspace/sparql"/>
    <dc:contributor>Li, Shujun</dc:contributor>
    <dc:contributor>Schmitz, Roland</dc:contributor>
    <dc:format>application/pdf</dc:format>
    <dc:language>eng</dc:language>
  </rdf:Description>
</rdf:RDF>

Interner Vermerk

xmlui.Submission.submit.DescribeStep.inputForms.label.kops_note_fromSubmitter

Kontakt
URL der Originalveröffentl.

Prüfdatum der URL

Prüfungsdatum der Dissertation

Finanzierungsart

Kommentar zur Publikation

Allianzlizenz
Corresponding Authors der Uni Konstanz vorhanden
Internationale Co-Autor:innen
Universitätsbibliographie
Ja
Begutachtet
Diese Publikation teilen