Secure Password System against Imposter

A Password System Secure against Password Exposure through Observation by Others

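  • 박승배 (Department of Computer Science, Chodang University) ;
  • 박성배 (Division of Internet Information, Suncheon First College) ;
  • 강문설 (Division of Computer, Electronics and Communication Engineering, Gwangju University)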
  • Published : 2003.04.01

Abstract

We present a new password system, called the dual password system, together with its user verification procedure. The dual password system is the first password system in the world that prevents the exposure of secret information to an imposter at the terminal. To input the password, the user of the dual password system iteratively matches the two symbols at the same location of the first password and the second password. The method of deriving the first password and the second password from the password is therefore important in the dual password system. In connection with this derivation method, a new problem, called the dual password derivation problem, is defined, and evaluation factors for solutions of the dual password derivation problem are presented.

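We propose the dual password system, the world's first password system in which the password is not exposed even when the process of an authorized user entering the password is observed by others, and we present the procedure by which the dual password system authenticates a user. Password input in the dual password system is performed by repeating the process of matching the two symbols at the same position in the first password and the second password. The method of deriving the first password and the second password from the password therefore has important significance in the dual password system. In connection with the method of deriving the first password and the second password from the password, we define the dual password derivation problem and present evaluation measures for solutions of the dual password derivation problem.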

Cited by

  1. Advanced Password Input Method in Automated Teller Machines/Cash Dispenser vol.18C, pp.2, 2011, https://doi.org/10.3745/KIPSTC.2011.18C.2.071
  2. Design and Implementation of Pinpad using Secure Technology from Shoulder Surfing Attack vol.17D, pp.2, 2010, https://doi.org/10.3745/KIPSTD.2010.17D.2.167