search query: @supervisor Nyberg, Kaisa / total: 11
results-list
reference: 2 / 11
« previous | next »
Author:Santamaria, Marc
Title:The Internet password authentication protocol SCRAM and its security
Publication type:Master's thesis
Publication year:2010
Pages:[11] + 83 + liitt.      Language:   eng
Department/School:Informaatio- ja luonnontieteiden tiedekunta
Main subject:Tietojenkäsittelyteoria   (T-79)
Supervisor:Nyberg, Kaisa
Instructor:Sese, Gemma
OEVS:
Electronic archive copy is available via Aalto Thesis Database.
Instructions
close

Reading digital theses in the closed network of the Aalto University Harald Herlin Learning Centre

In the closed network of Learning Centre you can read digital and digitized theses not available in the open network.

The Learning Centre contact details and opening hours: https://learningcentre.aalto.fi/en/harald-herlin-learning-centre/

You can read theses on the Learning Centre customer computers, which are available on all floors.

Logging on to the customer computers

  • Aalto University staff members log on to the customer computer using the Aalto username and password.
  • Other customers log on using a shared username and password.

Opening a thesis

  • On the desktop of the customer computers, you will find an icon titled:

    Aalto Thesis Database

  • Click on the icon to search for and open the thesis you are looking for from Aaltodoc database. You can find the thesis file by clicking the link on the OEV or OEVS field.

Reading the thesis

  • You can either print the thesis or read it on the customer computer screen.
  • You cannot save the thesis file on a flash drive or email it.
  • You cannot copy text or images from the file.
  • You cannot edit the file.

Printing the thesis

  • You can print the thesis for your personal study or research use.
  • Aalto University students and staff members may print black-and-white prints on the PrintingPoint devices when using the computer with personal Aalto username and password. Color printing is possible using the printer u90203-psc3, which is located near the customer service. Color printing is subject to a charge to Aalto University students and staff members.
  • Other customers can use the printer u90203-psc3. All printing is subject to a charge to non-University members.
Location:P1 Ark Aalto  8665   | Archive
Keywords:password-based cryptography
authentication mechanisms
SASL mechanisms
challenge response
salted passwords
SCRAM
salasanaperusteinen turvallisuus
autentikointimekanismi
SASL-mekanismi
haaste-vaste
suolattu salasana
Abstract (eng): SCRAM is a family of Challenge Response Authentication Mechanisms that makes use of salted passwords for security purposes and can accommodate different hash and MAC functions.
It is intended to substitute the mechanisms that are nowadays in use like CRAM-MD5 and DIGEST-MD5.
This thesis explores the specification of this family of authentication mechanisms.
In the specification some security considerations and claims are stated without proper justification.
A major goal of this work is to analyse the correctness of the given claims and provide justification where possible.
A comparison between the previous mechanism and SCRAM is given, analysing why it is a better alternative and an improvement over the ones in use now.
The possibility of changing the authentication values needed in the exchange (password, salt and iteration count) is missing in the original specification.
An extension to provide this missing functionality is provided here.
An implementation of the mechanism in Java is given and its interoperability with other existing implementations is tested.
Abstract (fin): SCRAM on turvalliseen autentikointiin suunniteltu mekanismiperhe, joka perustuu nk. suolattuihin sanasanoihin ja joka voi käyttää erilaisia salausteknisiä datan hajoitus- ja autentikointifunktioita.
Se on tarkoitettu korvaamaan tällä hetkellä käytössä olevat menetelmät CRAM-MD5 ja DIGEST-MD5.
Tässä diplomityössä tarkastellaan tämän autentikointimekanismiperheen määrittelyä.
Määrittelydokumentissa on suoritettu turvallisuustarkasteluja ja jotkin turvallisuusväitteet on esitetty ilman tyhjentävää perustelua.
Eräs tämän diplomityön tärkein tehtävä on esitettyjen turvallisuusominaisuuksien analyysi ja oikeaksi todentaminen mikäli mahdollista.
Työssä suoritetaan myös vertailua SCRAM-mekanismin ja aikaisempien menetelmien välillä ja analysoidaan tehtyjä parannuksia turvallisuuden, käytettävyyden ja toteutettavuuden kannalta.
Alkuperäinen määrittely ei sisällä autentikoinnin käyttäjäkohtaisten arvojen vaihtamismekanismia.
Tässä työssä esitetään eräs mahdollinen määritelmän laajennus tällaisen mekanismin toteuttamiseksi.
Koko SCRAM-mekanismi on toteutettu Java-ohjelmointikielellä ja implementaation yhteentoimivuutta on testattu joidenkin jo olemassa olevien implementaatioiden kanssa.
ED:2010-09-01
INSSI record number: 40361
+ add basket
« previous | next »
INSSI