http://dx.doi.org/10.6109/jkiice.2014.18.4.867

Two layered Secure Password Generation with Random Number Generator  

Seo, Hwa-Jeong (Department of Computer Engineering, Pusan National University)
Kim, Ho-Won (Department of Computer Engineering, Pusan National University)
Abstract
The rapid development of internet services has made internet banking available anywhere and at any time. However, service access over the internet can easily be exposed to an adversary. To prevent this, current service providers run an authentication process with the user's identification and password. However, the majority of users use short and simple passwords and do not change them periodically. As a result, a user's password can be exposed to an attacker's brute-force attack. In this paper, we present an enhanced password system that guarantees higher security even when users do not change their current password. The method uses additional secret information to replace the real password periodically, without the real password itself being changed.
Keywords
Password; Authentication; Brute-Force-Attack