当前位置:
X-MOL 学术
›
arXiv.cs.CR
›
论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
Adversary Models for Mobile Device Authentication
arXiv - CS - Cryptography and Security Pub Date : 2020-09-21 , DOI: arxiv-2009.10150 Ren\'e Mayrhofer, Vishwath Mohan, Stephan Sigg
arXiv - CS - Cryptography and Security Pub Date : 2020-09-21 , DOI: arxiv-2009.10150 Ren\'e Mayrhofer, Vishwath Mohan, Stephan Sigg
Mobile device authentication has been a highly active research topic for over
10 years, with a vast range of methods having been proposed and analyzed. In
related areas such as secure channel protocols, remote authentication, or
desktop user authentication, strong, systematic, and increasingly formal threat
models have already been established and are used to qualitatively and
quantitatively compare different methods. Unfortunately, the analysis of mobile
device authentication is often based on weak adversary models, suggesting
overly optimistic results on their respective security. In this article, we
first introduce a new classification of adversaries to better analyze and
compare mobile device authentication methods. We then apply this classification
to a systematic literature survey. The survey shows that security is still an
afterthought and that most proposed protocols lack a comprehensive security
analysis. Our proposed classification of adversaries provides a strong uniform
adversary model that can offer a comparable and transparent classification of
security properties in mobile device authentication methods.
中文翻译:
移动设备身份验证的对抗模型
十多年来,移动设备身份验证一直是一个非常活跃的研究课题,已经提出和分析了大量方法。在安全通道协议、远程身份验证或桌面用户身份验证等相关领域,已经建立了强大、系统且越来越正式的威胁模型,并用于定性和定量比较不同的方法。不幸的是,对移动设备身份验证的分析通常基于弱对手模型,这表明它们各自的安全性结果过于乐观。在本文中,我们首先介绍一种新的攻击者分类,以更好地分析和比较移动设备身份验证方法。然后,我们将此分类应用于系统的文献调查。调查表明,安全仍然是事后的想法,大多数提议的协议都缺乏全面的安全分析。我们提出的对手分类提供了一个强大的统一对手模型,可以在移动设备身份验证方法中提供可比较和透明的安全属性分类。
更新日期:2020-09-23
中文翻译:
移动设备身份验证的对抗模型
十多年来,移动设备身份验证一直是一个非常活跃的研究课题,已经提出和分析了大量方法。在安全通道协议、远程身份验证或桌面用户身份验证等相关领域,已经建立了强大、系统且越来越正式的威胁模型,并用于定性和定量比较不同的方法。不幸的是,对移动设备身份验证的分析通常基于弱对手模型,这表明它们各自的安全性结果过于乐观。在本文中,我们首先介绍一种新的攻击者分类,以更好地分析和比较移动设备身份验证方法。然后,我们将此分类应用于系统的文献调查。调查表明,安全仍然是事后的想法,大多数提议的协议都缺乏全面的安全分析。我们提出的对手分类提供了一个强大的统一对手模型,可以在移动设备身份验证方法中提供可比较和透明的安全属性分类。