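Graduate student: 高定裕 (Ding-yu Kao)
Thesis title (Chinese): 具可攜性的使用者認證系統之研製 (Development of a portable user authentication system)
Thesis title (English): A portable secure TOP system for user authentication
Advisor: 施東河 (Dong-her Shih)
Degree: Master's
Institution: 國立雲林科技大學 (National Yunlin University of Science and Technology)
Department: Master's Program, Department of Information Management
Discipline: Computer science
Sub-discipline: General computer science
Thesis type: Academic thesis
Year of publication: 2009
Graduation academic year: 97
Language: English
Number of pages: 56
Keywords (Chinese): object-based password; graphical password; authentication; 3D password
Keywords (English): Object-based password; Authentication; graphical password; 3D password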
The most common user authentication scheme is the textual password, but users tend to choose weak passwords. The main reason is that users rarely choose passwords that are both hard to guess and easy to remember. Even if a user can create and remember a strong password, it does nothing to protect online users from stealing attacks. Furthermore, there are few password schemes that generate a password that is strong, memorable and resistant to theft. In this paper, we implement the TOP system by applying the 3D password and the object-based password to address these password problems. To enable access from anywhere, we built the TOP system on a USB stick. People can carry the TOP system and its objects on the USB stick to complete user authentication. In our security analysis, results show that the TOP system supports a huge password space and satisfies many security requirements. In the usability study, we find that participants can create and remember the 3DO password of the TOP system better than a textual password. The main contributions are the following: 1) users can easily make a strong and memorable password; 2) the TOP system uses a portable USB stick as the user's token. Compared with a smart card, a portable USB stick does not need an extra reader, so users can log in to the system easily on any computer.
Abstract in Chinese i
Abstract in English ii
Acknowledgment iii
Contents iv
List of Tables vi
List of Figures vii

1. Introduction 1
2. Literature Review 6
2.1 Textual password 7
2.2 Graphical password 7
2.3 Three-Dimensional password 12
2.4 Object-based password 13
3. Proposed TOP System 17
3.1 Architecture of TOP System 17
3.2 TOP System Protocol 19
3.2.1 Registration Phase 20
3.2.2 Login Phase 21
3.2.3 Verification Phase 21
3.3 Prototype of TOP System 23
3.3.1 Implement of TOP system 24
3.3.2 TOP system operation 26
4. Analysis 28
4.1 Security Analysis 28
4.1.1 3DO Password Space Size 28
4.1.2 System Security Requirements Analysis 29
4.2 Performance Analysis 35
4.3 Usability Study 36
4.3.1 Experimental design 36
4.3.2 Participants 36
4.3.3 Materials 37
4.3.4 Procedure 37
4.3.5 Result 38
4.3.6 Discussion 41
5. Conclusion 43
References 45