透過您的圖書館登入 IP:3.133.161.153
透過您的圖書館登入
IP:3.133.161.153
  • 精確檢索 : 冠狀病毒
  • 模糊檢索 : 冠狀病毒
  • 冠狀病毒感染
    冠狀病毒疾病
  • 查詢出版品: 冠狀病毒
進階查詢
查詢歷史
主題瀏覽
  • 期刊

可抵擋登入記錄攻擊之圖形化通行碼的安全性與使用性分析

Security and Usability Analysis of Login-Recording Attacks Resistant Graphical Password Schemes

鄭博仁(Bo-Ren Cheng) 陳維屏(Wei-Ping Chen) 顧維祺(Wei-Chi Ku) 葉育彰(Yu-Chang Yeh)
《Electronic Commerce Studies》 10卷2期 (2012/06) Pp. 169-197
https://doi.org/10.29767/ECS.201206.0003
全文下載

摘要

使用者在登入系統的過程中其通行碼可能會遭受登入記錄攻擊的威脅,包括:肩窺攻擊、間諜程式攻擊、攝影機攻擊與竊聽攻擊,故有許多針對登入記錄攻擊所設計之圖形化通行碼及其相關研究被提出,不同的設計有截然不同的人因假設、理念或技術而各有其優缺點。現有可抵擋登入記錄攻擊的圖形化通行碼可區分成兩類:第一類「可抵擋弱登入記錄攻擊的圖形化通行碼」乃以提供良好的使用性為優先考量之設計,雖然對於登入記錄攻擊的抵擋能力較弱,但使用者能夠方便、正確且快速的登入系統,適合使用於較安全的登入環境;第二類「可抵擋強登入記錄攻擊的圖形化通行碼」則以提供較強的登入記錄攻擊抵擋能力為優先考量之設計,雖然使用性較差且需耗費較長的時間登入系統,但適合使用於可能遭受多次登入記錄攻擊的登入環境中。在本論文中,我們分別評析了四套較具代表性的可抵擋弱登入記錄攻擊之圖形化通行碼以及四套較具代表性的可抵擋強登入記錄攻擊之圖形化通行碼的安全性與使用性,提供電子商務應用系統開發者在身份認證機制設計時之參考。

關鍵字

圖形化通行碼 登入記錄攻擊 間諜程式 肩窺 竊聽

並列摘要

As conventional textual passwords and common graphical passwords cannot resist the login-recording attacks, many login-recording attacks resistant graphical password schemes based on various techniques have been proposed. Herein, we analyze the security and usability of four weak login-recording attacks resistant graphical password schemes, in which the user can easily and efficiently login the system, and four strong login-recording attacks resistant graphical password schemes, in which the user can login the system in an environment with the threat of serious login-recording attacks. This paper is intended to be used as a reference for e-commerce application developers in designing the authentication mechanism.

並列關鍵字

graphical password login-recording attack spyware shoulder surfing wiretapping

參考文獻

Gao, H.,Liu, X.,Wang, S.,Liu, H.,Dai, R.(2009).Design and Analysis of a Graphical Password Scheme.Proceedings of the Fourth International Conference on Innovative Computing, Information and Control.(Proceedings of the Fourth International Conference on Innovative Computing, Information and Control).:
GrIDsure. (2007). Comments on Gridsure Authentication. Retrieved November 30, 2011, from the World Wide Web: http://www.gridsure.com
Komanduri, S.,Hutchings, D.(2008).Order and Entropy in Picture Passwords.Proceedings of the 2008 Graphics Interface Conference.(Proceedings of the 2008 Graphics Interface Conference).
Yamamoto, T.,Kojima, Y.,Nishigaki, M.(2009).A Shoulder-Surfing-Resistant Image-Based Authentication System with Temporal Indirect Image Selection.Proceedings of the 2009 International Conference on Security and Management.(Proceedings of the 2009 International Conference on Security and Management).
Zheng, Z.,Liu, X.,Yin, L.,Liu, Z.(2009).A Stroke-Based Textual Password Authentication Scheme.Proceedings of the First International Workshop on Education Technology and Computer Science.(Proceedings of the First International Workshop on Education Technology and Computer Science).

延伸閱讀

全文下載