SPP: An anti-phishing single password protocol

Computer Networks

Volumn 51, Issue 13, 2007, Pages 3715-3726

  Gouda, Mohamed G ^a   Liu, Alex X ^b   Leung, Lok M ^a   Alam, Mohamed A ^a  

^a University of Texas at Austin   (United States)

^b Michigan State University   (United States)

Author keywords

Authentication; Network security; Password protocols; Phishing attacks; Protocol design

Indexed keywords

HASH FUNCTION; PASSWORD PROTOCOLS; PHISHING ATTACKS; PROTOCOL DESIGN;

AUTHENTICATION; COMPUTER CRIME; FUNCTIONS; INTERNET; NETWORK SECURITY; SERVERS;

NETWORK PROTOCOLS;

EID: 34447273595     PISSN: 13891286     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.comnet.2007.03.007     Document Type: Article

References (19)

1. Adams A., and Sasse M.A. User are not the enemy. Communications of the ACM 42 12 (1999) 40-46
2. Anti-Phishing Working Group. http://www.antiphishing.org/. Accessed: January 30, 2005.
3. S.M. Bellovin, M. Merritt, Encrypted key exchange: password-based protocols secure against dictionary attacks, in: Proceedings of the 1992 IEEE Computer Society Conference on Research in Security and Privacy, 1992, pp. 72-84.
4. J. Franks, P. Hallam-Baker, J. Hostetler, S. Lawrence, P. Leach, A. Luotonen, L. Stewart, Http authentication: Basic and digest access authentication, RFC 2617, 1999.
5. A.O. Freier, P. Karlton, P.C. Kocher, The ssl protocol version 3.0 internet draft, March 1996. http://wp.netscape.com/eng/ssl3/draft302.txt.
6. K. Fu, E. Sit, K. Smith, N. Feamster, Dos and don'ts of client authentication on the web, in: Proceedings of the 10th USENIX Security Symposium, August 2001.
7. N. Haller, The s/key one-time password system, RFC 1760, 1995.
8. N. Haller, C. Metz, A one-time password system, RFC 1938, 1996.
9. N.M. Haller, The S/KEY one-time password system, in: Proceedings of the Symposium on Network and Distributed System Security, 1994, pp. 151-157.
10. R. Kanaley, Login error trouble keeping track of all your sign-ons? Here's a place to keep your electronic keys, but you'd better remember the password, San Jose Mercury News, February 4, 2001.
11. Kormann D.P., and Rubin A.D. Risks of the passport single signon protocol. Computer Networks 33 (2000) 51-58
12. Lamport L. Password authentication with insecure communication. Communications of the ACM 24 11 (1981) 770-771
13. McDaniel P.D. Handbook of Information Security, chapter Computer and Network Authentication (2004), John Wiley and Sons Inc.
14. D.L. McDonald, R.J. Atkinson, C. Metz, One time passwords in everything (opie): experience with building and using stronger authentication, in: Proceedings of the 5th USENIX UNIX Security Symposium, 1995.
15. Microsoft Passport, http://www.passport.net/. Accessed: November 18, 2004.
16. R. Rivest, The md5 message-digest algorithm, RFC 1321, 1992.
17. A.D. Rubin, Independent one-time passwords, in: Proceedings of the 5th USENIX Security Symposium, 1995, pp. 167-175.
18. US National Institute of Science and Technology. Secure hash standard. Federal Information Processing Standard (FIPS) 180-1, 1993.
19. T. Wu, The secure remote password protocol, in: Proceedings of the Internet Society Symposium on Network and Distributed System Security, March 1998, pp. 97-111.