
The Security Analysis and Enhancement of Photographic Authentication

Advisor: 謝政勳

Abstract


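User authentication is an important mechanism for accessing different system services. Although the traditional alphanumeric password is still the authentication mechanism most commonly used when systems provide services, it easily causes security problems. Therefore, T. Pering proposed photographic authentication (PA) to provide a more secure login mechanism. It also fits the growing prevalence of digital photos. In previous research, its security analysis was based mainly on real hacker attacks and relatively small photo sets, and did not analyze security under tool-based attacks or in scenarios with large numbers of users. In this thesis, an automated attack tool is used to analyze the security of the photographic authentication system. The attack tool collects the photos that the photographic authentication system has displayed and accumulates the number of times each historical photo has appeared. The attack tool then selects the photo that has appeared most often to authenticate with, and repeats this procedure until it logs in successfully. In addition, to interfere with the attack tool's ability to match photos and to increase the system's security, noise techniques are used to add noise to the original photos. Further, a simulation tool is designed to analyze security when facing a larger number of photos. From the experimental and simulation results in this thesis, the security of the photographic authentication method can be clearly examined.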

Parallel Abstract


User authentication is an important mechanism for accessing various services. Although the traditional alphanumeric password is still popular for user authentication, it is vulnerable and easily causes security issues. Therefore, photographic authentication (PA) was proposed by T. Pering et al. to provide a more secure login mechanism. It also matches the increased prevalence of digital photography. The security analysis presented in the previous study is based on real attackers and very small photo sets. In this paper, an automatic attack tool is designed to analyze the security of photographic authentication systematically. The tool collects the displayed photos and matches them against historical ones to accumulate their counts. Then, it selects the photo with the highest count and repeats the process until it logs in successfully. In order to interfere with the photo matching of such an attack tool and thus enhance security, a noise displacement technique is also applied to the original photos. Furthermore, a simulation tool is designed to analyze the security of a large number of photo sets. The security of photographic authentication is examined clearly through the experimental and simulation studies presented in this paper.
