Keep Passwords Away from Memory: Password Caching and Verification Using TPM

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Hua Wang Articles by Yao Guo Articles by Xia Zhao Articles by Xiangqun Chen

22nd International Conference on Advanced Information Networking and Applications (aina 2008)

March 25-March 28

ISBN: 978-0-7695-3095-6

	ASCII Text	x
	Hua Wang, Yao Guo, Xia Zhao, Xiangqun Chen, "Keep Passwords Away from Memory: Password Caching and Verification Using TPM," Advanced Information Networking and Applications, International Conference on, pp. 755-762, 22nd International Conference on Advanced Information Networking and Applications (aina 2008), 2008.

	BibTex	x
	@article{ 10.1109/AINA.2008.109, author = {Hua Wang and Yao Guo and Xia Zhao and Xiangqun Chen}, title = {Keep Passwords Away from Memory: Password Caching and Verification Using TPM}, journal ={Advanced Information Networking and Applications, International Conference on}, volume = {0}, year = {2008}, issn = {1550-445X}, pages = {755-762}, doi = {http://doi.ieeecomputersociety.org/10.1109/AINA.2008.109}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Advanced Information Networking and Applications, International Conference on TI - Keep Passwords Away from Memory: Password Caching and Verification Using TPM SN - 1550-445X SP755 EP762 A1 - Hua Wang, A1 - Yao Guo, A1 - Xia Zhao, A1 - Xiangqun Chen, PY - 2008 KW - Password Authentication KW - TPM KW - OIAP VL - 0 JA - Advanced Information Networking and Applications, International Conference on ER -

Hua Wang

Yao Guo

Xia Zhao

Xiangqun Chen

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/AINA.2008.109

TPM is able to provide strong secure storage for sensitive data such as passwords. Although several commercial password managers have used TPM to cache passwords, they are not capable of protecting passwords during verification. This paper proposes a new TPM-based password caching and verification method called PwdCaVe. In addition to using TPM in password caching, PwdCaVe also uses TPM during password verification. In PwdCaVe, all password-related computations are performed in the TPM. PwdCaVe guarantees that once a password is cached in the TPM, it will be protected by the TPM through the rest of its lifetime, thus eliminating the possibility that passwords might be attacked in memory. A prototype of PwdCaVe is implemented on Linux to demonstrate its feasibility.

Index Terms:

Password Authentication, TPM, OIAP

Citation:

Hua Wang, Yao Guo, Xia Zhao, Xiangqun Chen, "Keep Passwords Away from Memory: Password Caching and Verification Using TPM," aina, pp.755-762, 22nd International Conference on Advanced Information Networking and Applications (aina 2008), 2008

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.