• DocumentCode
    2633452
  • Title

    Accessing Password-Protected Resources without the Password

  • Author

    Pashalidis, Andreas

  • Volume
    4
  • fYear
    2009
  • fDate
    March 31 2009-April 2 2009
  • Firstpage
    66
  • Lastpage
    70
  • Abstract
    Sometimes it is desirable to access password-protected resources, but undesirable to disclose the password to the machine in use. In such situations, providing the password is a task that can be delegated to a remote proxy server. This server has to engage the user in a challenge-response mechanism that does not require him to disclose his password to the local machine; if the user responds correctly, then the proxy must recover his password and fetch the protected resource for him. In this paper, we propose three schemes that are suitable for use in this environment and that do not require the proxy server to permanently store a copy of the user´s password. We also briefly describe `keep your password secret´ (KYPS), which is a system that implements one of the schemes, and that has been in use for almost two years.
  • Keywords
    network servers; security of data; challenge-response mechanism; local machine; password-protected resources; remote proxy server; Airports; Atherosclerosis; Authentication; Computer science; Databases; Hardware; Internet; Java; Protection; Web pages; authentication; keyloggers; one-time passwords; password; spyware;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Science and Information Engineering, 2009 WRI World Congress on
  • Conference_Location
    Los Angeles, CA
  • Print_ISBN
    978-0-7695-3507-4
  • Type

    conf

  • DOI
    10.1109/CSIE.2009.910
  • Filename
    5170963
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=2633452