Hardware Crypto-Core Based Authentication System

  • Yoo, Sang-Guun (Dept. of Computer Science & Engineering, Sogang University)
  • Park, Keun-Young (Dept. of Computer Science & Engineering, Sogang University)
  • Kim, Tae-Jun (Dept. of Computer Science & Engineering, Sogang University)
  • Kim, Ju-Ho (Dept. of Computer Science & Engineering, Sogang University)
  • Published : 2009.01.25

Abstract

Default password protection in operating systems has seen many advances, but when an attacker has physical access to the server or obtains root (administrator) privileges, the attacker can steal the password information (e.g. the shadow file in Unix-like systems or the SAM file in Windows) and recover users' passwords using brute-force and dictionary attacks. It is difficult to force users to use complex passwords, so weak accounts that can be exploited are common. In this paper, we present a secure authentication scheme based on digital signatures and secure key storage that solves this problem, and explain possible implementations using the Trusted Platform Module (TPM). We also analyze the performance of hardware and software TPMs in these implementations.
