ITU-T work programme

[2013-2016] : [SG17] : [Q7/17]

Work item: X.hakm
Subject/title: Guidelines on hybrid authentication and key management mechanisms in client-server model
Status: [Carried to next study period]
Approval process: AAP
Type of work item: Recommendation
Version: New
Equivalent number: -
Timing: -
Liaison: -
Supporting members: China Mobile, ETRI, Korea (Republic of).
Summary: Mobile devices are used for a wide range of services such as finance and big data, where a service provider or a server might provide important information to a client holding a mobile device. For the services to be reliable, authentication should be properly provided, taking into account different security capabilities. In a client-server model, a password is commonly used as an authentication factor because it can be memorized. Also, password-authenticated key agreement protocols such as Rec. ITU-T X.1151 are well constructed to compute a common key and establish a secure session between a client and a server or a service provider. However, various kinds of threats can cause a password to leak, for example, installed malware, a hacked system, shoulder-surfing, and examination of lost or stolen portable mobile devices. When a password is revealed to an adversary, a server impersonation attack is easily possible in password-authenticated key agreement protocols. Subsequently, a client is vulnerable to additional serious attacks because the services treat user-intensive information for Fintech and big-data/cloud services. Recommendation ITU-T X.hakm provides guidelines for hybrid authentication and key agreement mechanisms in a client-server model. The Recommendation covers service scenarios, security threats and typical attack methods, and technical methods to mitigate these risks. The Recommendation significantly enhances key management mechanisms that are based only on weak secrets, such as Rec. ITU-T X.1151, by preventing server impersonation attacks.
Comment: -
Reference(s):
  Historic references:
Contact(s):
Jihoon CHO, Editor
Kyu Young CHOI, Editor
Jung Yeon HWANG, Editor
ITU-T A.5 justification(s):
-
First registration in the WP: 2016-07-06 17:10:30
Last update: 2016-09-12 15:27:24