| 威胁分析及确保密码认证和无密码认证解决方案安全的导则 |
 |
安全界正在开展一场大规模运动,用统称为无密码认证的替代解决方案替代密码认证。遗憾的是,许多拟议的无密码解决方案都受到与当前密码解决方案相同的限制。这些拟议无密码解决方案容易受到中间人和网络钓鱼等攻击。
ITU-T X.1283建议书针对基于共享秘密的认证解决方案开展安全和威胁分析。此建议书仔细研究了与密码认证系统和新兴无密码认证解决方案相关的安全风险。
本建议书审议了有关威胁分析的问题,并基于这些方法制定了用于保护用户和账户的导则和最佳做法。本建议书的使用者可利用本建议书为传统解决方案提供支持,因为这些解决方案正在向基于公钥基础设施(PKI)技术的更强大的认证方法过渡,见ITU-T X.1277建议书和ITU-T X.1278建议书。
|
|
| Citation: |
https://handle.itu.int/11.1002/1000/15889 |
| Series title: |
X series: Data networks, open system communications and security
X.1200-X.1299: Cyberspace security
X.1250-X.1299: Identity management (IdM) and Authentication |
| Approval date: |
2024-09-06 |
| Provisional name: | X.gpwd |
| Approval process: | TAP |
|
Status: |
In force |
|
Maintenance responsibility: |
ITU-T Study Group 17 |
|
Further details: |
Patent statement(s)
Development history
|
|
|
| Ed. |
ITU-T Recommendation |
Status |
Summary |
Table of Contents |
Download |
|
1
|
X.1283 (09/2024)
|
In force
|
here
|
here
|
here
|
| Title |
Approved on |
Download |
|
Guidelines for identity-based cryptosystems used for cross-domain secure communications
|
2023
|
here
|
|
Overview of hybrid approaches for key exchange with quantum key distribution
|
2022
|
here
|
|
Guidelines for security management of using artificial intelligence technology
|
2022
|
here
|
|
Unified Security Model (USM) – A neutral integrated system approach to cybersecurity
|
2020
|
here
|
|
Successful use of security standards (2nd edition)
|
2020
|
here
|
|
Description of the incubation mechanism and ways to improve it
|
2020
|
here
|
|
Strategic approaches to the transformation of security studies
|
2020
|
here
|
|
