Publication Type

Conference Paper

Version

Postprint

Publication Date

5-2005

Abstract

The rapid rise of federated enterprises entails a new way of trust management by the fact that an enterprise can account for partial trust of its affiliating organizations. On the other hand, password has historically been used as a main means for user authentication because of operational simplicity. We are thus motivated to explore the use of short password for user authentication and key exchange in the context of federated enterprises. Exploiting the special structure of a federated enterprise, our proposed new architecture comprises an external server managed by each affiliating organization and a central server managed by the enterprise headquarter. We are concerned with the development of an efficient authentication and key exchange protocol using password, built over the new architecture. The architecture together with the protocol well addresses off-line dictionary attacks initiated at the server side, a problem rarely considered in prior effort.

Discipline

Information Security

Research Areas

Information Security and Trust; Software Systems

Publication

Security and Privacy in the Age of Ubiquitous Computing: IFIP TC11 20th International Information Security Conference May 30-June 1, Chiba, Japan

Volume

181

First Page

95

Last Page

111

ISSN

1868-4238

ISBN

9780387256603

Identifier

10.1007/0-387-25660-1_7

Publisher

Springer

Creative Commons License

Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.

Additional URL

http://dx.doi.org/10.1007/0-387-25660-1_7

Share

COinS