Browse > Article

패스워드 강도 측정 방법 연구 동향  

Kim, KyoungHoon (연세대학교 정보대학원 정보보호연구실)
Kim, Seung-Yeon (연세대학교 정보대학원 정보보호연구실)
Kwon, Taekyoung (연세대학교 정보대학원 정보보호연구실)
Publication Information
Review of KIISC / v.27, no.1, 2017 , pp. 31-38 More about this Journal
Keywords
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 M. Weir, S. Aggarwal, M. Collins, and H. Stern, "Testing metrics for password creation policies by attacking large sets of revealed passwords," In Proceedings of the 17th ACM conference on Computer and communications security, pp. 162-175, October, 2010.
2 P. G. Kelley, S. Komanduri, M. L. Mazurek, R. Shay, T. Vidas, L. Bauer, and J. Lopez, "Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms," In 2012 IEEE Symposium on Security and Privacy, pp. 523-537, May, 2012.
3 M. Weir, S. Aggarwal, B. De Medeiros, B., and B. Glodek, "Password cracking using probabilistic context-free grammars," In 2009 30th IEEE Symposium on Security and Privacy, pp. 391-405, May, 2009.
4 B. Ur, S. M. Segreti, L. Bauer, N. Christin, L. F. Cranor, S. Komanduri, R. Shay, "Measuring real-world accuracies and biases in modeling password guessability, "In 24th USENIX Security Symposium, pp. 463-481, 2015.
5 A. Rao, B. Jha, and G. Kini, "Effect of grammar on security of long passwords," In Proceedings of the third ACM conference on Data and application security and privacy, pp. 317-324, February, 2013.
6 A. Narayanan, and V. Shmatikov, "Fast dictionary attacks on passwords using time-space tradeoff," In Proceedings of the 12th ACM conference on Computer and communications security, pp. 364-372, Nov. 2005.
7 Dell' Amico, Matteo, P. Michiardi, and Y. Roudier, "Password Strength: An Empirical Analysis," In INFOCOM, Vol. 10, pp. 983-991, March, 2010.
8 C. Castelluccia, M. Dürmuth, and D. Perito, "Adaptive Password-Strength Meters from Markov Models," In NDSS, Feb., 2012.
9 J. Ma, W. Yang, M. Luo, and N. Li, "A study of probabilistic password models," In 2014 IEEE Symposium on Security and Privacy, pp. 689-704, May, 2014.
10 M. Durmuth, F. Angelstorf, C. Castelluccia, D. Perito, and A. Chaabane, "OMEN: Faster password guessing using an ordered markov enumerator," In International Symposium on Engineering Secure Software and Systems, pp. 119-132, March, 2015.
11 Y. Zhang, F. Monrose, and M. K. Reiter, "The security of modern password expiration: An algorithmic framework and empirical analysis," In Proceedings of the 17th ACM conference on Computer and communications security, pp. 176-186, Oct., 2010.
12 X. de C. de Carnavalet and M. Mannan, "From Very Weak to Very Strong: Analyzing Password-Strength Meters," In Proc. of NDSS, 2014.
13 D. L. Wheeler, "zxcvbn: Lowbudget password strength estimation," In Proc. of 25th USENIX Security Symposium, pp. 157-173, 2016.
14 B. Ur, P. G. Kelley, S. Komanduri, J. Lee, M. Maass, M. L. Mazurek, and L. Christin, "How does your password measure up? The effect of strength meters on password creation," In USENIX Security Symposium, pp. 65- 80, Aug., 2012.
15 김경훈, 권태경, "김경훈, 권태경, "국내 웹 사이트 패스워드 미터 분석," 정보보호학회논문지, Vol. 26, No. 3, pp. 757-767, 2016.   DOI
16 D. Florencio and C. Herley, "A Large-Scale Study of Web Password Habits," in Proc. of WWW, 2007.
17 B. Ur, F. Noma, J. Bees, S. M. Segreti, R. Shay, L. Bauer, N. Christin, and L. F. Cranor, ""I added '!' at the End to Make It Secure":Observing Password Creation in the Lab," in Proc. of SOUPS, 2015.
18 R. Veras, C. Collins, and J. Thorpe, "On the Semantic Patterns of Passwords and their Security Impact," in Proc. of NDSS, 2014.
19 A. Das, J. Bonneau, M. Caesar, N. Borisov, and X. F. Wang, "The Tangled Web of Password Reuse," In Proc. of NDSS, 2014.
20 S. Gaw and E. W. Felten, "Password Management Strategies for Online Accounts," in Proc. of SOUPS, 2006.
21 C. E. Shannon, "A mathematical theory of communication," ACM SIGMOBILE Mobile Computing and Communications Review, 5(1), pp. 3-55, 2001.   DOI
22 A. Rrnyi, RNYI, "On measures of entropy and information," In: Fourth Berkeley symposium on mathematical statistics and probability, pp. 547-561, 1961.
23 J. Bonneau, "The science of guessing: analyzing an anonymized corpus of 70 million passwords," In 2012 IEEE Symposium on Security and Privacy, pp. 538-552, May, 2012.
24 R. V. Hartley, "Transmission of information1," Bell System technical journal, 7(3), pp. 535-563, 1928.   DOI
25 R. Shay, S. Komanduri, P. G. Kelley, P. G. Leon, M. L. Mazurek, L. Bauer and L. F. Cranor, "Encountering stronger password requirements: user attitudes and behaviors," In Proceedings of the Sixth Symposium on Usable Privacy and Security ACM. July, 2010.
26 S. Egelman, A. Sotirakopoulos, I. Muslukhov, K. Beznosov, and C. Herley, "Does my password go up to eleven?: the impact of password meters on password selection," In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems ACM, pp. 2379-2388. April, 2013.
27 D. Malone, and K. Maher, "Investigating the distribution of password choices," In Proceedings of the 21st international conference on World Wide Web, ACM, pp. 301-310, April, 2012.
28 S. Komanduri, R. Shay, P. G. Kelley, M. L. Mazurek, L. Bauer, N. Christin, and S. Egelman, "Of passwords and people: measuring the effect of password-composition policies," In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, ACM, pp. 2595-2604, May, 2011.
29 W. E. Burr, D. F. Dodson, E. M. Newton, R. A. Perlner, W. T. Polk, S. Gupta, and E. A. Nabbus, "Sp 800-63-1. electronic authentication guideline," NIST, 2013.