Password Authentication Scheme based on Operation of Alpha-numeric Characters on Matrix

A Password Authentication Scheme That Performs Operations between Characters on a Matrix

  • Published : 2009.10.31

Abstract

Besides having low complexity, passwords can easily be revealed by a shoulder-surfing attack when they are entered through input devices such as a keyboard. To overcome these problems, many new authentication schemes have been suggested that change the form of the user secret or have users enter their secrets in more complex ways, but it is still hard to find a balance between usability and security. In this paper, we introduce a new authentication scheme that uses the traditional alphanumeric password as the user secret, based on operations between characters on a matrix. We show the security strength of our proposal through analyses from various aspects, and we confirm the difficulty that users experience with our proposal through a user study.

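Passwords not only have low complexity in themselves; entering them as-is through an input device such as a keyboard in an insecure environment also exposes them easily to attacks such as shoulder surfing. To overcome these problems, methods have been proposed that change the form of the user secret or perform input through a complex entry process, but they have not found a suitable compromise between security and user convenience. This paper introduces an authentication scheme that uses passwords in their existing form as the secret, through operations between characters on a matrix. We show the security of the scheme through analyses from various angles, and through a user experiment we confirm the difficulties that users actually experience with the scheme.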
